Solved

passwords and versions

Posted on 2011-03-02
7
264 Views
Last Modified: 2013-11-05
With basic domain user privelelges (i dont have local admin or domain admin), is there any way to check the version of a server in my domain, i.e. win2k, server 03, server 08 etc? And also, I am told there are local accounts on this server with blank passwords, is there any way from the command prompt to test if these users passwords really are blank? I dont want to RDP onto it. The servers are either win2k or server 2003. Is it possible to even have blank passwords on local accounts on win2k or server 2003?
0
Comment
Question by:pma111
7 Comments
 
LVL 1

Assisted Solution

by:AlexDemel
AlexDemel earned 35 total points
ID: 35016365
using active directory users and computers, you could right-click on the computer object of your server and see the operating system version and service pack level at the "operating system" tab.
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 45 total points
ID: 35016403
you could use the following query to retrieveall the servers in your domain:
dsquery * -limit 0 -filter "(&(objectCategory=Computer)(objectClass=User)(operatingSystem=*Server*))" -attr samaccountname operatingSystem operatingSystemVersion

for blank passwords, i don't think, it relies on your default domain policy, (you can read it with normal account), but if it permits blank password, it's really not secure.

0
 
LVL 3

Author Comment

by:pma111
ID: 35016410
I meant a local account on a member server not a domain account
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 3

Author Comment

by:pma111
ID: 35016712
surely surely there must be a NET command or similar to check if a local account on a server has a blank password?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35016870
I've understood your question, but local accounts relies on the domain passwords policy too, as soon are they member of the domain.
0
 
LVL 3

Author Comment

by:pma111
ID: 35016922
Does it?

That doesnt add up, as many many of our local accounts have passwords that are less (in lenght) than the domain policy which stipulates 10.

So in many cases as builds are based on an image, the local administrator account has a password that is only 8 characters long.
0
 
LVL 7

Assisted Solution

by:jesaja
jesaja earned 45 total points
ID: 35047313
I haven't used it but Microsoft Baseline Security Analyzer will scan for week passwords

http://technet.microsoft.com/en-us/security/cc184923


if the server is joined to a domain the domain password policy will not get applied to local accounts unless the password is changed
so empty local passwords could still exist

on 2008 the default security settings are much better then in older versions
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Federation ID format? 3 31
RSOP Red "X" 7 27
self service AD unlock account from Azure portal 2 38
Generate HTML report about DHCP server 2003 1 7
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now