Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 157
  • Last Modified:

Changing the domain admin password

Hi all

Need some advice, need to change domain admin password. Apart from any services that may have manual credential entries, what else should i look out for
0
Technical Information
Asked:
Technical Information
  • 3
  • 3
  • 2
  • +1
4 Solutions
 
Jason CrawfordTransport NinjaCommented:
Make sure you have a backup admin user account to fall back on if needed.
0
 
McKnifeCommented:
Look at this tool, it will list services and scheduled tasks on remote computers (search whole domain: possible) and list their accounts: http://www.cjwdev.com/Software/ServiceCredMan/Info.html - free even!
1
 
jmac44Commented:
I would not install tool that searches for credentials like that on my network period. You don't know what it's going to install and it not responsible for any System Admin to do that. It could install key loggers etc...

Your better off looking for schedule task yourself. Most services are not manually updated with admin passwords meaning if you change the admin password it will automatically change any services that use the Admin password. Your biggest concerns are schedule tasks and maybe some company apps that might rely on the admin password.  

I can not express what a failure it would be to install any ones software to search and discover where your admin password might be used.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
McKnifeCommented:
@jmac44
Agreed, why install tools from 3rd party sources when you can script it yourself? I can script that. but can the author do it?
And if you look at the tons of softwares that some people execute without the slightest bit of worrying... some with admin accounts, some even with domain admin accounts.

But still agreeing, although this would imply that you have no testing procedures running that take away the worries. I work for a company close to the military. Whatever software we introduce is closely monitored, any change on local or remote systems during installation or usage is analysed before it goes to the production environment. That software passed the test.
0
 
Technical InformationAuthor Commented:
@jmac44 thanks for the advice and yes I agree, 3rd party software will not be used to recover passwords.

Can you advise on password complexity is a password like £$%Ffwe05" over the top for a domain admin password?
0
 
McKnifeCommented:
"I agree, 3rd party software will not be used to recover passwords. " - recover passwords? No, that software queries task scheduler and service manager for account information - not for passwords. As I wrote, we tested that software for compliance.
"Can you advise on password complexity is a password like £$%Ffwe05" over the top for a domain admin password?" - a domain admin password should be complex and long (at least 15 characters) which should be no problem since it will not be typed regularly, only when administering the domain.
0
 
Technical InformationAuthor Commented:
@Mcknife I worded that last comment wrong, i didn't mean recover password.
0
 
jmac44Commented:
Although your choice is complex it's a little short. Typically you want your admin password 15 character or longer and it shouldn't have any repeating characters with a combination of upper case, lower case and special characters.  It should be something that you can remember without having to reference anything while under pressure when something fails and the boss is breathing down your neck for results.

I like this article by Bruce Schneier that gives some simple advice on choosing passwords. https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html It's by no means aimed at System Administrators but he gives some good examples of how to choose complex passwords and why.
1
 
Technical InformationAuthor Commented:
Thanks for your response guys, password has been changed using 14 characters, symbols and numbers. Only service I had to change was Kaspersky.
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now