Built-in Administrator acct. for Domain be password never expires?

Discussion in 'Security Software' started by Guest, Oct 2, 2006.

  1. Guest

    Guest Guest

    Are there any risks associated with an expired built-in Administrator
    password? I've been googling but can't seem to quite get results that speak
    to this issue.
     
    Guest, Oct 2, 2006
    #1
    1. Advertisements

  2. The risk is that you cannot log in with the account once the password has expired without
    resetting it. If an attacker is able to determine the original password, due to poor password
    implementation, they could change the password from under you.
    Brian
     
    Brian Komar [MVP], Oct 2, 2006
    #2
    1. Advertisements

  3. Guest

    Guest Guest

    So is it better practice to have it expire, or to never expire?
     
    Guest, Oct 2, 2006
    #3
  4. In
    You can't make the built-in domain admin account password expire, to the
    best of my knowlege.

    Really, nobody should be using that account for their admin work anyway, nor
    should it be used to run system services. Just set it up with a good,
    complex password, write that down on a piece of paper and put it in a sealed
    envelope, and give that to the company owner so that he or she can fire the
    entire IT department without getting screwed over. Any techs working on the
    network should have two accounts - one for daily use (user only), and
    another that has the delegated domain permissions they need to do their
    jobs. Complex passwords & regular changes should be forced.

    This is an "ideal world" setup, but hey, we can strive for that, right?
     
    Lanwench [MVP - Exchange], Oct 3, 2006
    #4
  5. I have to go with Lanwench on this one. Complexity is good. Keep it in a safe. Break glass in
    case of emergency
    Brian
     
    Brian Komar [MVP], Oct 3, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.