Windows Server 2003 - changing admin password - effects on running services

Posted on 2009-02-18
Last Modified: 2013-12-04
I am looking at running an exercise across the whole network for all users, including the admin account, to change passwords and increase the number and complexity of characters.

Given that some of my servers run MS SQL/SAP Business One, SQL Express, Blackberry Enterprise Server, Exchange 2003 and all kinds of other nonsense where startup services are tied to the admin account, what is the safe way of changing the admin account password without killing any of the services that depend on it ?

Last time I sandboxed this it created minor havoc...
Question by:Copyleft
    LVL 82

    Accepted Solution

    Do NOT, never, ever, use accounts that are used for interactive logons as service accounts. Create dedicated accounts for each service, and give these accounts only the permissions they require for their specific task. Use complex passwords, and set these passwords to never expire. When you want to change these passwords, you'll then know exactly which services you need to reconfigure.
    To clean out your current situation, start by creating service accounts for each service (and don't forget scheduled tasks!) that is started with the admin account, and reconfigure these services. Once this is done, you'll be able to change the admin account's password as often as you feel like doing so, without having to worry about your services coming to a grinding halt.

    Author Comment

    Fair enough - I inherited this network in its current condition, so I can only work with what's already in place.

    Leaving best practice aside for one moment, might manually updating every service tied to the current admin login acccount work ?

    I'm not intending to do it this way - just thinking out loud out of curiosity. Your suggested method sounds fine :)
    LVL 82

    Expert Comment

    Manually updating each and every service using this account as soon as you've changed the password for the account itself is actually the only option you have. This usually requires a restart of the service as well.
    Before you change the password in your current situation, consider changing your account lockout policy (for a limited time) to Never, so that a forgotten service won't lock this account (thus keeping other services from running) if it keeps trying to logon with the old password.

    Author Comment


    I'm going to try your first suggestion on a sandbox server using yesterday's full disk image backup of one of our main servers.

    Once I am happy with it I will tackle the live server.

    Points awarded - thanks again :)

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    In a recent article here at Experts Exchange (, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now