Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I want to change the admin password on a windows server but i have done this


  • Please log in to reply
4 replies to this topic

#1 Jason_H

Jason_H

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 18 November 2014 - 07:09 PM

Dear Bleeping Computer forum members,

 

I want to change the admin password on a windows server but i have done this before and have been told other passwords need to be changed in "services". I forget what services the passwords need to be changed for can someone point me in the right direction for when I need to change an admin password again.

 

Thank you,

Jason.



BC AdBot (Login to Remove)

 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:10 PM

Posted 18 November 2014 - 08:41 PM

If you have added the Administrators account on some services, then you would need to goto start/run and type services.msc and then double click the service you suspect has the admin account on and change the password on the logon tab.

Forgot to mention you should see the user account in the "Logon As" collum.


Edited by JohnnyJammer, 18 November 2014 - 08:42 PM.


#3 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:10:10 AM

Posted 19 November 2014 - 02:11 AM

As JohnnyJammer says for services.

 

It's also worth looking in "Scheduled tasks" for any manually created tasks that have been configured to execute their payload as administrator.

 

On newer versions of windows, open "Task Scheduler", Click on "Task Scheduler Library". Examine any manually created tasks there (there may be tasks for various application updates etc. you can probably ignore them - ). Right click on a task and choose "Properties", On the "General" tab, you will see "when running this task, use the following user account". Update the password of any that were left as administrator....

 

x64



#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 19 November 2014 - 10:17 AM

It is a bad practice to use the administrator account for services.  Really for anything. It is the first account targeted by hackers.  I create service accounts for services and assign the appropriated rights. In some environments administrator account has it rights removed after creating other less obvious admin accounts [always have a backup admin account in case of profile corruption].

 

This way you never have to be concerned to what the administrator account is tied to.



#5 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:10 PM

Posted 19 November 2014 - 06:42 PM

Yes i agree as well wanderer, but its literally 10 seconds to populate the entire domain of useraccounts (wmic useraccount list full /format:list).

I have never met anyone who configures anything to run as an administrator that faces the internet and if they did, they deserve to be pwnd or have crackers running none stop!

 

Certain services advise they run under an administrative account, ecspecially BUEXEC.

Token kidnapping through token exchanges between domains and clients is more worrying and impersionation. Security is endless battle and can never be won unless you burn your computer and never use an interner connected device lol.

Even then Sony will always take care of that with a CDROM rootkit loaded!!!!!!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users