• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 277
  • Last Modified:

passwords and versions

With basic domain user privelelges (i dont have local admin or domain admin), is there any way to check the version of a server in my domain, i.e. win2k, server 03, server 08 etc? And also, I am told there are local accounts on this server with blank passwords, is there any way from the command prompt to test if these users passwords really are blank? I dont want to RDP onto it. The servers are either win2k or server 2003. Is it possible to even have blank passwords on local accounts on win2k or server 2003?
0
pma111
Asked:
pma111
3 Solutions
 
AlexDemelCommented:
using active directory users and computers, you could right-click on the computer object of your server and see the operating system version and service pack level at the "operating system" tab.
0
 
TasmantCommented:
you could use the following query to retrieveall the servers in your domain:
dsquery * -limit 0 -filter "(&(objectCategory=Computer)(objectClass=User)(operatingSystem=*Server*))" -attr samaccountname operatingSystem operatingSystemVersion

for blank passwords, i don't think, it relies on your default domain policy, (you can read it with normal account), but if it permits blank password, it's really not secure.

0
 
pma111Author Commented:
I meant a local account on a member server not a domain account
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
pma111Author Commented:
surely surely there must be a NET command or similar to check if a local account on a server has a blank password?
0
 
TasmantCommented:
I've understood your question, but local accounts relies on the domain passwords policy too, as soon are they member of the domain.
0
 
pma111Author Commented:
Does it?

That doesnt add up, as many many of our local accounts have passwords that are less (in lenght) than the domain policy which stipulates 10.

So in many cases as builds are based on an image, the local administrator account has a password that is only 8 characters long.
0
 
jesajaCommented:
I haven't used it but Microsoft Baseline Security Analyzer will scan for week passwords

http://technet.microsoft.com/en-us/security/cc184923


if the server is joined to a domain the domain password policy will not get applied to local accounts unless the password is changed
so empty local passwords could still exist

on 2008 the default security settings are much better then in older versions
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now