Solved

Changing the domain admin password

Posted on 2016-11-21
9
40 Views
Last Modified: 2016-11-22
Hi all

Need some advice, need to change domain admin password. Apart from any services that may have manual credential entries, what else should i look out for
0
Comment
Question by:Technical Information
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 14

Assisted Solution

by:Jason Crawford
Jason Crawford earned 100 total points
ID: 41896042
Make sure you have a backup admin user account to fall back on if needed.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41896057
Look at this tool, it will list services and scheduled tasks on remote computers (search whole domain: possible) and list their accounts: http://www.cjwdev.com/Software/ServiceCredMan/Info.html - free even!
1
 
LVL 4

Accepted Solution

by:
jmac44 earned 300 total points
ID: 41896666
I would not install tool that searches for credentials like that on my network period. You don't know what it's going to install and it not responsible for any System Admin to do that. It could install key loggers etc...

Your better off looking for schedule task yourself. Most services are not manually updated with admin passwords meaning if you change the admin password it will automatically change any services that use the Admin password. Your biggest concerns are schedule tasks and maybe some company apps that might rely on the admin password.  

I can not express what a failure it would be to install any ones software to search and discover where your admin password might be used.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41897170
@jmac44
Agreed, why install tools from 3rd party sources when you can script it yourself? I can script that. but can the author do it?
And if you look at the tons of softwares that some people execute without the slightest bit of worrying... some with admin accounts, some even with domain admin accounts.

But still agreeing, although this would imply that you have no testing procedures running that take away the worries. I work for a company close to the military. Whatever software we introduce is closely monitored, any change on local or remote systems during installation or usage is analysed before it goes to the production environment. That software passed the test.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 1

Author Comment

by:Technical Information
ID: 41897389
@jmac44 thanks for the advice and yes I agree, 3rd party software will not be used to recover passwords.

Can you advise on password complexity is a password like £$%Ffwe05" over the top for a domain admin password?
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 100 total points
ID: 41897401
"I agree, 3rd party software will not be used to recover passwords. " - recover passwords? No, that software queries task scheduler and service manager for account information - not for passwords. As I wrote, we tested that software for compliance.
"Can you advise on password complexity is a password like £$%Ffwe05" over the top for a domain admin password?" - a domain admin password should be complex and long (at least 15 characters) which should be no problem since it will not be typed regularly, only when administering the domain.
0
 
LVL 1

Author Comment

by:Technical Information
ID: 41897802
@Mcknife I worded that last comment wrong, i didn't mean recover password.
0
 
LVL 4

Assisted Solution

by:jmac44
jmac44 earned 300 total points
ID: 41897808
Although your choice is complex it's a little short. Typically you want your admin password 15 character or longer and it shouldn't have any repeating characters with a combination of upper case, lower case and special characters.  It should be something that you can remember without having to reference anything while under pressure when something fails and the boss is breathing down your neck for results.

I like this article by Bruce Schneier that gives some simple advice on choosing passwords. https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html It's by no means aimed at System Administrators but he gives some good examples of how to choose complex passwords and why.
1
 
LVL 1

Author Comment

by:Technical Information
ID: 41898117
Thanks for your response guys, password has been changed using 14 characters, symbols and numbers. Only service I had to change was Kaspersky.
1

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Not many admins are aware that GPOs can be activated and deactivated time-based. Time to change that :)
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now