Changing the domain admin password

Hi all

Need some advice, need to change domain admin password. Apart from any services that may have manual credential entries, what else should i look out for
LVL 2
Technical InformationAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
jmac44Connect With a Mentor Commented:
I would not install tool that searches for credentials like that on my network period. You don't know what it's going to install and it not responsible for any System Admin to do that. It could install key loggers etc...

Your better off looking for schedule task yourself. Most services are not manually updated with admin passwords meaning if you change the admin password it will automatically change any services that use the Admin password. Your biggest concerns are schedule tasks and maybe some company apps that might rely on the admin password.  

I can not express what a failure it would be to install any ones software to search and discover where your admin password might be used.
0
 
Jason CrawfordConnect With a Mentor Exchange EngineerCommented:
Make sure you have a backup admin user account to fall back on if needed.
0
 
McKnifeCommented:
Look at this tool, it will list services and scheduled tasks on remote computers (search whole domain: possible) and list their accounts: http://www.cjwdev.com/Software/ServiceCredMan/Info.html - free even!
1
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
McKnifeCommented:
@jmac44
Agreed, why install tools from 3rd party sources when you can script it yourself? I can script that. but can the author do it?
And if you look at the tons of softwares that some people execute without the slightest bit of worrying... some with admin accounts, some even with domain admin accounts.

But still agreeing, although this would imply that you have no testing procedures running that take away the worries. I work for a company close to the military. Whatever software we introduce is closely monitored, any change on local or remote systems during installation or usage is analysed before it goes to the production environment. That software passed the test.
0
 
Technical InformationAuthor Commented:
@jmac44 thanks for the advice and yes I agree, 3rd party software will not be used to recover passwords.

Can you advise on password complexity is a password like £$%Ffwe05" over the top for a domain admin password?
0
 
McKnifeConnect With a Mentor Commented:
"I agree, 3rd party software will not be used to recover passwords. " - recover passwords? No, that software queries task scheduler and service manager for account information - not for passwords. As I wrote, we tested that software for compliance.
"Can you advise on password complexity is a password like £$%Ffwe05" over the top for a domain admin password?" - a domain admin password should be complex and long (at least 15 characters) which should be no problem since it will not be typed regularly, only when administering the domain.
0
 
Technical InformationAuthor Commented:
@Mcknife I worded that last comment wrong, i didn't mean recover password.
0
 
jmac44Connect With a Mentor Commented:
Although your choice is complex it's a little short. Typically you want your admin password 15 character or longer and it shouldn't have any repeating characters with a combination of upper case, lower case and special characters.  It should be something that you can remember without having to reference anything while under pressure when something fails and the boss is breathing down your neck for results.

I like this article by Bruce Schneier that gives some simple advice on choosing passwords. https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html It's by no means aimed at System Administrators but he gives some good examples of how to choose complex passwords and why.
1
 
Technical InformationAuthor Commented:
Thanks for your response guys, password has been changed using 14 characters, symbols and numbers. Only service I had to change was Kaspersky.
1
All Courses

From novice to tech pro — start learning today.