Prev: SCCM Eval in HyperV
Next: Access Denied to Files in a Server Profile - HELP!!!
From: Kenn on 17 Jun 2010 11:17
I know that this has probably been asked many, many times and there is
probably a set procedure for it but I still have not been able to
locate one.

In the state that I work, the education field has taken a pretty big
hit as far as layoffs for teachers and support staff are concerned.
Hence my upcoming problem!

At the end of this month, I will have an urgent need to change the
administrator password for our district network since several people
from within my department will be leaving the district that know the
current password.

I know that the administrator password can be easily changed, but in
some cases some services running with the current administrator
password (SQL, Exchange, Backup application, etc) do not automatically
pickup the new password and must be manually changed\entered from
within the application or service. I also believe some years ago I
read that there is some utility that can be run against the servers
that show what services require(d) an administrator password and I
think it also gave one a way to change them.

While going ahead and just changing the password, rebooting the
servers and seeing what service(s) fail upon startup, and then
hunting down how to change them is possible, I would rather not if
there is a better way in identifying what service\application can be
changed ahead of time.

Is there someone\something out there that can help me in this
situation?

Regards,

Kenn
From: Pegasus [MVP] on 17 Jun 2010 12:39


"Kenn" <evankok(a)newegypt.us> wrote in message
news:8sek16l2ff6b4r1aeif3gd1egrslqnc4ii(a)4ax.com...
> I know that this has probably been asked many, many times and there is
> probably a set procedure for it but I still have not been able to
> locate one.
>
> In the state that I work, the education field has taken a pretty big
> hit as far as layoffs for teachers and support staff are concerned.
> Hence my upcoming problem!
>
> At the end of this month, I will have an urgent need to change the
> administrator password for our district network since several people
> from within my department will be leaving the district that know the
> current password.
>
> I know that the administrator password can be easily changed, but in
> some cases some services running with the current administrator
> password (SQL, Exchange, Backup application, etc) do not automatically
> pickup the new password and must be manually changed\entered from
> within the application or service. I also believe some years ago I
> read that there is some utility that can be run against the servers
> that show what services require(d) an administrator password and I
> think it also gave one a way to change them.
>
> While going ahead and just changing the password, rebooting the
> servers and seeing what service(s) fail upon startup, and then
> hunting down how to change them is possible, I would rather not if
> there is a better way in identifying what service\application can be
> changed ahead of time.
>
> Is there someone\something out there that can help me in this
> situation?
>
> Regards,
>
> Kenn

Using the administrator's account/password for services and for scheduled
tasks is not recommended, for the very reasons you now mention. If this was
my machine then I would change things right now: Create two new accounts,
e.g. "Schedule" and "Services", make them members of the Administrators
group, then go through your services and scheduled tasks and change the
account where necessary. Remember to make the passwords non-expiring and to
block interactive sessions. In this way you need to change only the
Administrator's password at the end of the month.

From: Matija Kapraljevic [Revenger] on 18 Jun 2010 05:12
On Thu, 17 Jun 2010 11:17:08 -0400, Kenn wrote:

In addition to what Pegasus already said, there should be one and only one
person that knows the administrator accounts password.

Other users that need administrative privileges should be added to
administrators group. When you need to do what you need to do now, you
could just remove them from administrators group and disable their accounts
- problem solved - or you could delete them, it depends on what your
employee-going-away policy is.

Also, you didn't specify if your organization has Active Directory
implemented or the servers are in a workgroup.

--
Pozdrav
===========
From: Rich Wonneberger on 19 Jun 2010 20:01
Matija,

What do you do if that one person dies?
Sorry if I'm just cheerful.

Rich W.


Matija Kapraljevic [Revenger] wrote:
> On Thu, 17 Jun 2010 11:17:08 -0400, Kenn wrote:
>
> In addition to what Pegasus already said, there should be one and only one
> person that knows the administrator accounts password.
>
From: Hank Arnold on 20 Jun 2010 04:48
SOP is to have the critical passwords like this one in hard copy and
locked up with access only by specific individuals.


Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
http://it.toolbox.com/blogs/personal-pc-assistant/

On 6/19/2010 8:01 PM, Rich Wonneberger wrote:
> Matija,
>
> What do you do if that one person dies?
> Sorry if I'm just cheerful.
>
> Rich W.
>
>
> Matija Kapraljevic [Revenger] wrote:
>> On Thu, 17 Jun 2010 11:17:08 -0400, Kenn wrote:
>>
>> In addition to what Pegasus already said, there should be one and only
>> one
>> person that knows the administrator accounts password.
>>
 |  Next  |  Last
Pages: 1 2
Prev: SCCM Eval in HyperV
Next: Access Denied to Files in a Server Profile - HELP!!!