Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 144
  • Last Modified:

Changing the domain admin password

Hi all

Need some advice, need to change domain admin password. Apart from any services that may have manual credential entries, what else should i look out for
0
Technical Information
Asked:
Technical Information
  • 3
  • 3
  • 2
  • +1
4 Solutions
 
Jason CrawfordExchange EngineerCommented:
Make sure you have a backup admin user account to fall back on if needed.
0
 
McKnifeCommented:
Look at this tool, it will list services and scheduled tasks on remote computers (search whole domain: possible) and list their accounts: http://www.cjwdev.com/Software/ServiceCredMan/Info.html - free even!
1
 
jmac44Commented:
I would not install tool that searches for credentials like that on my network period. You don't know what it's going to install and it not responsible for any System Admin to do that. It could install key loggers etc...

Your better off looking for schedule task yourself. Most services are not manually updated with admin passwords meaning if you change the admin password it will automatically change any services that use the Admin password. Your biggest concerns are schedule tasks and maybe some company apps that might rely on the admin password.  

I can not express what a failure it would be to install any ones software to search and discover where your admin password might be used.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
McKnifeCommented:
@jmac44
Agreed, why install tools from 3rd party sources when you can script it yourself? I can script that. but can the author do it?
And if you look at the tons of softwares that some people execute without the slightest bit of worrying... some with admin accounts, some even with domain admin accounts.

But still agreeing, although this would imply that you have no testing procedures running that take away the worries. I work for a company close to the military. Whatever software we introduce is closely monitored, any change on local or remote systems during installation or usage is analysed before it goes to the production environment. That software passed the test.
0
 
Technical InformationAuthor Commented:
@jmac44 thanks for the advice and yes I agree, 3rd party software will not be used to recover passwords.

Can you advise on password complexity is a password like £$%Ffwe05" over the top for a domain admin password?
0
 
McKnifeCommented:
"I agree, 3rd party software will not be used to recover passwords. " - recover passwords? No, that software queries task scheduler and service manager for account information - not for passwords. As I wrote, we tested that software for compliance.
"Can you advise on password complexity is a password like £$%Ffwe05" over the top for a domain admin password?" - a domain admin password should be complex and long (at least 15 characters) which should be no problem since it will not be typed regularly, only when administering the domain.
0
 
Technical InformationAuthor Commented:
@Mcknife I worded that last comment wrong, i didn't mean recover password.
0
 
jmac44Commented:
Although your choice is complex it's a little short. Typically you want your admin password 15 character or longer and it shouldn't have any repeating characters with a combination of upper case, lower case and special characters.  It should be something that you can remember without having to reference anything while under pressure when something fails and the boss is breathing down your neck for results.

I like this article by Bruce Schneier that gives some simple advice on choosing passwords. https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html It's by no means aimed at System Administrators but he gives some good examples of how to choose complex passwords and why.
1
 
Technical InformationAuthor Commented:
Thanks for your response guys, password has been changed using 14 characters, symbols and numbers. Only service I had to change was Kaspersky.
1

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now