Anti-Spyware Forums


Reply
Thread Tools Display Modes

Built-in Administrator acct. for Domain be password never expires?

 
 
Guest
Posts: n/a

 
      02-10-2006, 07:01 PM
Are there any risks associated with an expired built-in Administrator
password? I've been googling but can't seem to quite get results that speak
to this issue.


 
Reply With Quote
 
 
 
 
Brian Komar [MVP]
Guest
Posts: n/a

 
      02-10-2006, 08:19 PM
In article <#(E-Mail Removed)>, <-> says...
> Are there any risks associated with an expired built-in Administrator
> password? I've been googling but can't seem to quite get results that speak
> to this issue.
>
>
>

The risk is that you cannot log in with the account once the password has expired without
resetting it. If an attacker is able to determine the original password, due to poor password
implementation, they could change the password from under you.
Brian
 
Reply With Quote
 
 
 
 
Guest
Posts: n/a

 
      02-10-2006, 10:43 PM
So is it better practice to have it expire, or to never expire?


"Brian Komar [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> In article <#(E-Mail Removed)>, <-> says...
>> Are there any risks associated with an expired built-in Administrator
>> password? I've been googling but can't seem to quite get results that
>> speak
>> to this issue.
>>
>>
>>

> The risk is that you cannot log in with the account once the password has
> expired without
> resetting it. If an attacker is able to determine the original password,
> due to poor password
> implementation, they could change the password from under you.
> Brian



 
Reply With Quote
 
Lanwench [MVP - Exchange]
Guest
Posts: n/a

 
      03-10-2006, 01:21 AM
In news:%(E-Mail Removed),
- <-> typed:
> Are there any risks associated with an expired built-in Administrator
> password? I've been googling but can't seem to quite get results
> that speak to this issue.


You can't make the built-in domain admin account password expire, to the
best of my knowlege.

Really, nobody should be using that account for their admin work anyway, nor
should it be used to run system services. Just set it up with a good,
complex password, write that down on a piece of paper and put it in a sealed
envelope, and give that to the company owner so that he or she can fire the
entire IT department without getting screwed over. Any techs working on the
network should have two accounts - one for daily use (user only), and
another that has the delegated domain permissions they need to do their
jobs. Complex passwords & regular changes should be forced.

This is an "ideal world" setup, but hey, we can strive for that, right?


 
Reply With Quote
 
Brian Komar [MVP]
Guest
Posts: n/a

 
      03-10-2006, 04:07 AM
I have to go with Lanwench on this one. Complexity is good. Keep it in a safe. Break glass in
case of emergency
Brian

In article <(E-Mail Removed)>, <-> says...
> So is it better practice to have it expire, or to never expire?
>
>
> "Brian Komar [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > In article <#(E-Mail Removed)>, <-> says...
> >> Are there any risks associated with an expired built-in Administrator
> >> password? I've been googling but can't seem to quite get results that
> >> speak
> >> to this issue.
> >>
> >>
> >>

> > The risk is that you cannot log in with the account once the password has
> > expired without
> > resetting it. If an attacker is able to determine the original password,
> > due to poor password
> > implementation, they could change the password from under you.
> > Brian

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Local Administrator Account or Domain Administrator Account? mosquito_hippy Security Software 2 25-03-2009 08:29 PM
Domain user is seen as domain administrator? Giedrius Security Software 4 31-05-2006 08:57 AM
Domain User -> Configure as Local Administrator WhoC@nItbN0W Security Software 1 10-12-2005 03:43 PM
AD Domain Administrator Priv/rights Marc Johnson Security Software 3 30-09-2005 01:42 PM
2003 Domain Controller Local Administrator Password Gaza Security Software 6 01-03-2005 06:14 AM


All times are GMT. The time now is 09:05 AM.