Solved

prevent reset password on windows server 2008 r2

Posted on 2013-01-20
7
459 Views
Last Modified: 2013-05-12
how am i prevent anyone to reset windows server 2008/12 administrator password, he can reboot my server and can direct touch my server
0
Comment
Question by:john80988
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 95

Expert Comment

by:John Hurst
ID: 38798290
An administrator can change the administrator's password. I don't think there is any way around that.

You can make the user in question a non-administrator and give them roles that they can do. There are a numberof different groups in Active Director, Users and Groups.

... Thinkpads_User
0
 

Author Comment

by:john80988
ID: 38798390
i mean if he is not administrator, but he was using some trick that can access, back hack the password
0
 
LVL 95

Accepted Solution

by:
John Hurst earned 500 total points
ID: 38798396
If the user is not the adminstrator and does not know the administrator password, then they cannot change the administrator password. There is no Windows back door into this.

There may be hacking tools that a person could try, but presumably you have more faith in your user than this. You would also find your server being restarted unnecessarily.

... Thinkpads_User
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 55

Expert Comment

by:McKnife
ID: 38799287
I am sure you are talking about the various offline attacks that you can achieve with boot CDs.
All these attacks fail if you encrypt the servers. Use Bitlocker to encrypt the server.

...however this produces another problem: how to provide the key in case the server needs to restart? Manually wouldn't be a goo choice. So you need to address this, too. If the server hardware features a TPM chip (your manual will tell you), this can be solved.
With server 2012's Bitlocker version, there's even a solution without a TPM, called netunlock but that requires a lot more, so before advising, you should give feedback whether this sounds interesting.
0
 

Author Comment

by:john80988
ID: 38854840
i think there is no way to prevent it, if user able to physical contact the server.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 38858304
Now what should that mean? I showed you there is. He cannot go in when encrypted nor can he do offline attacks.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 39159783
So how will proceed with this? No encryption? That's the wrong way. Encryption is the only possible way to protect against physical access?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question