Windows & .NET Magazine Security UPDATE--Changing the Administrator Password--January 28, 2004
==== This Issue Sponsored By ====
Exchange & Outlook Administrator http://www.exchangeadmin.com/rd.cfm?code=fsep234xup
1. In Focus: Changing the Local Administrator Password
- Need a SQL Server Time-Saver?
- Download a Free eBook--"A Guide to Group Policy"
3. Security News and Features
- Recent Security Vulnerabilities
- News: New MyDoom Email Virus Spreads Quickly
- News: MBSA 1.2 Now Available
- Feature: Microsoft Baseline Security Analyzer
4. Instant Poll
- Results of Previous Poll: Online Fraud
- New Instant Poll: Wireless Networking
5. Security Toolkit
- Virus Center
- Virus Alert: Bagle.A
- FAQ: How Can I Use the Active Directory Connector (ADC) Tools for Exchange Server 2003?
- Featured Thread: Local Administrator Account
- New--Microsoft Security Strategies Roadshow!
7. New and Improved
- Communications Security for Corporate Desktops
- Honeypot Detects Intrusion
- Tell Us About a Hot Product and Get a T-Shirt
8. Contact Us
See this section for a list of ways to contact us.
==== Sponsor: Exchange & Outlook Administrator ====
Try a Sample Issue of Exchange & Outlook Administrator!
If you haven't seen Exchange & Outlook Administrator, you're missing out on key information that will go a long way towards preventing serious messaging problems and down time. Request a sample issue today, and discover tools you won't find anywhere else to help you migrate, optimize, administer, and secure Exchange and Outlook. Order now!
==== 1. In Focus: Changing the Local Administrator Password ====
by Mark Joseph Edwards, News Editor, [email protected]
In many network environments, preventing users from having access to the local Administrator account is a good idea. Otherwise, a user could use the account to log on and make unauthorized changes to the system and possibly access unauthorized resources on the network.
A typical scenario for configuring the various user accounts on a network is to establish user accounts that have only the access capabilities required for a user to perform his or her work and to set the local Administrator account password on each machine to something unknown to nonadministrative users. In environments with multiple domains, setting the local Administrator password to a different value in each domain is often a good idea. You should also periodically change the local Administrator passwords.
If your network has dozens, hundreds, or even thousands of machines, changing passwords across all the machines can be challenging, especially if you don't use Active Directory (AD). A reader recently wrote, asking how to perform such a task in an environment without AD. Two ideas come to mind: using a third-party tool or using scripts.
If you prefer the third-party tool option, several tools on the market might fit your needs. Some password-changing tools come as parts of network-management packages, and some are more tailored to the task at hand. Back in October 2001, I mentioned a tool called DCPC, which can change all the local Administrator passwords across a network. Some people have told me they aren't comfortable using it because it's freeware and because it comes from a company that doesn't appear to be very established. I haven't used DCPC and can't vouch for its trustworthiness, but it's still available.
Another tool you might consider is Hyena, which is available from SystemTools Software. Hyena performs a variety of tasks, among them the ability to change local Administrator passwords on multiple machines across a network. I think it's reasonably priced, and according to the Web site, you can download a fully functional evaluation version. Other solutions are undoubtedly available, so do some research and shop around to find a solution that fits your needs.
If you just need to change the local Administrator password on a few machines, consider using cusrmgr.exe, which is available in the "Microsoft Windows 2000 Resource Kit." The tool works for Win2K and Windows NT systems. You can read more about cusrmgr.exe in the Microsoft article "How to Use the Cusrmgr.exe Tool to Change Administrator Account Password on Multiple Computers."
If you don't mind using scripts, try the Win32::AdminMisc Perl module (available at the first URL below), developed by Windows & .NET Magazine author Dave Roth. The Windows & .NET Magazine article "How to Manage Your Enterprise's Passwords the Easy Way" (at the second URL below) explains how to manage local Administrator passwords by using Win32::AdminMisc. The article offers detailed explanations and Perl source code that you can modify to fit your needs.
Be aware that when you use some tools--including scripts--passwords might travel over your network in clear text, which means that someone using a packet sniffer could obtain them. So consider that possibility when choosing a solution for password management.
==== 2. Announcements ====
(from Windows & .NET Magazine and its partners)
Need a SQL Server Time-Saver?
SQL Server Magazine is a valuable treasury of SQL Server tools and content. As a subscriber, you'll receive 12 print issues and gain access to the entire online article archive, endless code listings, valuable tips and tricks, and more. Bonus--the System Table Map poster and Subscriber Benefits Card. Subscribe today!
Download a Free eBook--"A Guide to Group Policy"
Find essential information for understanding and using Group Policy in Windows Server 2003 and Windows 2000 networks such as rolling out network security settings, controlling client desktops, deploying software, and performing a variety of other vital administrative functions. Download this eBook today!
==== Sponsor: Virus Update from Panda Software ====
Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume.
Visit "Panda's GateDefender Stands Guard!" at
for more information.
==== 3. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
News: New MyDoom Email Virus Spreads Quickly
A new email virus called MyDoom is spreading rapidly across the Internet through UNIX mail servers, bringing with it a dangerous attachment that, when opened, can give attackers access to users' computers through an electronic backdoor. The MyDoom email message has the following text in the body of the message: "The message contains Unicode characters and has been sent as a binary attachment." The subject lines and attachment names vary, but typical subject lines are "Mail Delivery System" or "Mail Transaction Failed." The attachments often appear as .zip files (e.g., document.zip, message.zip, readme.zip) but can have virtually any extension, including .exe, .cmd, or .pif. Read more about it in the linked article.
News: MBSA 1.2 Now Available
Microsoft released a new version of the Microsoft Baseline Security Analyzer (MBSA) 1.2, which now has a graphical command-line interface and support for English, French, German, and Japanese languages. Read more about it on our Web site.
Feature: Microsoft Baseline Security Analyzer
Learn how to install, configure, and use MBSA in Jeff Fellinge's article.
==== 4. Instant Poll ====
Results of Previous Poll: Online Fraud
The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Have you, your company, or someone you know been a victim of online fraud?" Here are the results from the 95 votes.
- 38% Yes
- 58% No
- 4% Not sure
New Instant Poll: Wireless Networking
The next Instant Poll question is, "Does your company use wireless networking?" Go to the Security Web page and submit your vote for
- Yes, we use 802.11a
- Yes, we use 802.11b - Yes, we use 802.11g
==== 5. Security Toolkit ====
Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
Virus Alert: Bagle.A is a nondestructive worm that spreads in an email message with the subject "Hi." The message includes an attached file with a name that consists of several random characters and has an .exe extension. Bagle.A is designed to cease working after today (January 28). The worm attempts to connect to several Web pages (now disabled) through port 6777 to update itself and create an inventory of the affected users. The worm also attempts to download files and cause them to run on an affected computer.
FAQ: How Can I Use the Active Directory Connector (ADC) Tools for Exchange Server 2003?
by John Savill, http://www.winnetmag.com/windowsnt20002003faq
A. The ADC is responsible for synchronizing information between an Exchange Server 5.5 directory and Active Directory (AD). With the release of the Exchange 2003 version of ADC, Microsoft addressed many of the concerns related to the complexity of using the connector by simplifying the process of creating connection agreements and resolving known problems.
Read the rest of this FAQ, which includes detailed instructions about using the ADC, on our FAQ site.
Featured Thread: Local Administrator Account
(Two messages in this thread)
A user writes that he has a Windows 2000 Professional computer with one account (Administrator) whose password he's forgotten. He wants to know how to access the system locally to change the password without having to reinstall the OS. Lend a hand or read the responses:
==== 6. Event ====
New--Microsoft Security Strategies Roadshow!
We've teamed with Microsoft, Avanade, and Network Associates to bring you a full day of training to help you get your organization secure and keep it secure. You'll learn how to implement a patch-management strategy; lock down servers, workstations, and network infrastructure; and implement security policy management. Register now for this free, 20-city tour.
==== 7. New and Improved ====
by Jason Bovberg, [email protected]
Communications Security for Corporate Desktops
SSH Communications Security announced SSH Tectia Client/Server 4.0, a multiplatform secure-communications solution based on Secure Shell (SSH) technology. SSH Tectia Client/Server consists of three product modules: SSH Tectia Server 4.0, SSH Tectia Client 4.0, and SSH Tectia Connector 4.0. The modules use standards-based encryption and authentication to deploy secure communications for business-critical applications without the need to modify supporting IT infrastructures or applications. For pricing and ordering information, contact SSH Communications Security at 650-251-2700 or on the Web.
Honeypot Detects Intrusion
KeyFocus announced KFSensor 2.0, the latest version of the company's honeypot-based Intrusion Detection System (IDS). KFSensor emulates services and gathers information about hackers when they attack. The new version of KFSensor extends the product's emulation and reporting features. For pricing and ordering information, contact KeyFocus on the Web.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]
==== Sponsored Links ====
Comparison Paper: The Argent Guardian Easily Beats Out MOM
==== 8. Contact Us ====
About the newsletter -- [email protected]
About technical questions -- http://www.winnetmag.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.
Copyright 2004, Penton Media, Inc. All rights reserved.