Kaptain1
asked on
Changing AD Admin password
Hi Experts,
I'm planning to change the password of the main user on Windows Server 2003 who's also an Administrator.
I want to be careful not to break anything... I checked the services.msc, and it seems that there aren't any services that are specifically using that account.
What things should I watch out for? How can I be sure nothing breaks?
Please advise.
I'm planning to change the password of the main user on Windows Server 2003 who's also an Administrator.
I want to be careful not to break anything... I checked the services.msc, and it seems that there aren't any services that are specifically using that account.
What things should I watch out for? How can I be sure nothing breaks?
Please advise.
ASKER
Well, the server is a DC, but it's not replicating with any other servers. I believe it's a Domain account (since it's set-up in AD?).
I don't think that other machines are using that account - what would be the best way to check?
I don't think that other machines are using that account - what would be the best way to check?
I would completely disable the integrated Administrator account after creating a copy account from it. The SID of the administrator is well known and can serve as entry point for an attack. By creating a copy of it, you will retain all its permissions eliminating the danger of brut force attack.
However, you need to verify if it not used on other servers too. Being a DC, the local Administrator account is actually a domain administrator, so it could be used by services on other servers. On other hand, there is no software that will use it without asking during the installation, so if you know your network, there is no danger of disabling or changing its password.
However, you need to verify if it not used on other servers too. Being a DC, the local Administrator account is actually a domain administrator, so it could be used by services on other servers. On other hand, there is no software that will use it without asking during the installation, so if you know your network, there is no danger of disabling or changing its password.
ASKER
Yes, the main account name is not Administrator, but it has Administrator privileges.
Is there any other way I can check/predict possible issues with changing the main account's password?
Thanks
Is there any other way I can check/predict possible issues with changing the main account's password?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks
Mike