Solved

prevent reset password on windows server 2008 r2

Posted on 2013-01-20
7
438 Views
Last Modified: 2013-05-12
how am i prevent anyone to reset windows server 2008/12 administrator password, he can reboot my server and can direct touch my server
0
Comment
Question by:john80988
  • 3
  • 2
  • 2
7 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 38798290
An administrator can change the administrator's password. I don't think there is any way around that.

You can make the user in question a non-administrator and give them roles that they can do. There are a numberof different groups in Active Director, Users and Groups.

... Thinkpads_User
0
 

Author Comment

by:john80988
ID: 38798390
i mean if he is not administrator, but he was using some trick that can access, back hack the password
0
 
LVL 90

Accepted Solution

by:
John Hurst earned 500 total points
ID: 38798396
If the user is not the adminstrator and does not know the administrator password, then they cannot change the administrator password. There is no Windows back door into this.

There may be hacking tools that a person could try, but presumably you have more faith in your user than this. You would also find your server being restarted unnecessarily.

... Thinkpads_User
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 53

Expert Comment

by:McKnife
ID: 38799287
I am sure you are talking about the various offline attacks that you can achieve with boot CDs.
All these attacks fail if you encrypt the servers. Use Bitlocker to encrypt the server.

...however this produces another problem: how to provide the key in case the server needs to restart? Manually wouldn't be a goo choice. So you need to address this, too. If the server hardware features a TPM chip (your manual will tell you), this can be solved.
With server 2012's Bitlocker version, there's even a solution without a TPM, called netunlock but that requires a lot more, so before advising, you should give feedback whether this sounds interesting.
0
 

Author Comment

by:john80988
ID: 38854840
i think there is no way to prevent it, if user able to physical contact the server.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 38858304
Now what should that mean? I showed you there is. He cannot go in when encrypted nor can he do offline attacks.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39159783
So how will proceed with this? No encryption? That's the wrong way. Encryption is the only possible way to protect against physical access?
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now