[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Changing Windows Server 2008 R2 Domain Admin Password

Posted on 2015-01-12
3
Medium Priority
?
524 Views
Last Modified: 2015-01-14
Recently had our main IT person left so we want to change the domain admin password.  We have one server in our environment, Server 2008R2.  We did some research on the impact and it looks like we need to double check any services/tasks that may be using the Admin account before changing the password.  So, we checked in Services and saw the backup software is using the Admin account.   Everything else listed is using Local System or Network Service.  Under Task Scheduler, we drill down to Task Scheduler Library, Microsoft, Windows, and see "Backup" running under the Admin account and nothing else.  Is there anything else we need to check for before changing the password?  And do we just log in as the admin and change it or is there another way it has to be done?  Thank you.
0
Comment
Question by:Jason92s
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 1600 total points
ID: 40545718
First off you should not be using the domain admin username/password as a service account. Second you are correct, in regards to updating the password on any/all services/scheduled task that have passwords cached. You also might want to make sure that there are no scripts that run that use this username and password.

Changing a Domain Admin password in a well established environment should have no impact. Use service accounts for services and scheduled tasks. Also no one should be logging in with the domain admin account.

You should have something like this for users that need to have domain admin access.

Regular Account
wills

Domain Admin Account
admin-wills

Accounts should be separate IMO so that people don't mistakenly run a command from there regular login and mess things up. If they want to run administrative tasks or login to a server they should be using their admin-name account.

Now not everyone sets it up this way but i find that this is the more secure way of managing accounts.

Will.
0
 
LVL 80

Assisted Solution

by:arnold
arnold earned 200 total points
ID: 40545726
That should cover it.

To avoid such things in the future, might as well start now and create service accounts
One for the backup software to use, double check what rights it needs and have the user with those rights.
You might as well use the same backup account for the backup task.
0
 
LVL 3

Assisted Solution

by:roycbene
roycbene earned 200 total points
ID: 40545825
To add to Arnold's solution, service accounts DO NOT have to be Active Directory accounts. In fact, unless you are using them on multiple machines on the domain (i.e. if you are just using them to kick off scheduled tasks or something similar on the one server), then I would create the account on the relevant machine as a local user and give it the rights it needs.

-R
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question