Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 465
  • Last Modified:

prevent reset password on windows server 2008 r2

how am i prevent anyone to reset windows server 2008/12 administrator password, he can reboot my server and can direct touch my server
0
john80988
Asked:
john80988
  • 3
  • 2
  • 2
1 Solution
 
John HurstBusiness Consultant (Owner)Commented:
An administrator can change the administrator's password. I don't think there is any way around that.

You can make the user in question a non-administrator and give them roles that they can do. There are a numberof different groups in Active Director, Users and Groups.

... Thinkpads_User
0
 
john80988Author Commented:
i mean if he is not administrator, but he was using some trick that can access, back hack the password
0
 
John HurstBusiness Consultant (Owner)Commented:
If the user is not the adminstrator and does not know the administrator password, then they cannot change the administrator password. There is no Windows back door into this.

There may be hacking tools that a person could try, but presumably you have more faith in your user than this. You would also find your server being restarted unnecessarily.

... Thinkpads_User
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
McKnifeCommented:
I am sure you are talking about the various offline attacks that you can achieve with boot CDs.
All these attacks fail if you encrypt the servers. Use Bitlocker to encrypt the server.

...however this produces another problem: how to provide the key in case the server needs to restart? Manually wouldn't be a goo choice. So you need to address this, too. If the server hardware features a TPM chip (your manual will tell you), this can be solved.
With server 2012's Bitlocker version, there's even a solution without a TPM, called netunlock but that requires a lot more, so before advising, you should give feedback whether this sounds interesting.
0
 
john80988Author Commented:
i think there is no way to prevent it, if user able to physical contact the server.
0
 
McKnifeCommented:
Now what should that mean? I showed you there is. He cannot go in when encrypted nor can he do offline attacks.
0
 
McKnifeCommented:
So how will proceed with this? No encryption? That's the wrong way. Encryption is the only possible way to protect against physical access?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now