Click here to get back home

Safe Keeping passwords
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Safe Keeping passwords Jay Quadri 07-06-2005
Posted by Jay Quadri on July 6, 2005, 9:53 pm
Please log in for more thread options
 A copy of all our server passwords & keys are always kept in a locked safe,
the problem is whenever somebody need access to the safe to retrieve a
particular password or key, I have to go round and change the passwords
again on all servers. I am tired of having to do this often, can somebody
suggest ways or strategy of keeping multiple passwords safe.
Regards
JB



Posted by Steven L Umbach on July 7, 2005, 2:05 am
Please log in for more thread options
 Why do you have to change all the passwords?? Are these persons not
trusted?? Maybe it would help if someone that was trusted opens the safe
and gives the user the password to only the server they need to access to
instead of a list that contains passwords for all the servers. --- Steve


>A copy of all our server passwords & keys are always kept in a locked safe,
> the problem is whenever somebody need access to the safe to retrieve a
> particular password or key, I have to go round and change the passwords
> again on all servers. I am tired of having to do this often, can somebody
> suggest ways or strategy of keeping multiple passwords safe.
> Regards
> JB
>




Posted by Olaf Engelke [MVP Windows Serv on July 7, 2005, 3:29 pm
Please log in for more thread options
Hi Steven,
Steven L Umbach wrote:
> Why do you have to change all the passwords?? Are these persons not
> trusted?? Maybe it would help if someone that was trusted opens the
> safe and gives the user the password to only the server they need to
> access to instead of a list that contains passwords for all the
> servers.

there are IT staff and there are users.
Both groups usually thing different about the need of security.
Best greetings from Germany
Olaf


Posted by Roger Abell on July 7, 2005, 7:46 am
Please log in for more thread options

Would it not be more simple to go to the one machine and
log in for them rather than visiting all later? Then you only
need to visit, log in and inspect, and alter passwords on the
one after they have finished (recognizing that they are not
trusted one really should not stop at just changing the one
password).

Anyway, while there are ways to automate the password
change, it would seem you have a bigger issue, namely
untrusted people. You simply should never let an untrusted
person access a machine as an admin.

--
Roger Abell
Microsoft MVP (Windows Security)

> A copy of all our server passwords & keys are always kept in a locked
safe,
> the problem is whenever somebody need access to the safe to retrieve a
> particular password or key, I have to go round and change the passwords
> again on all servers. I am tired of having to do this often, can somebody
> suggest ways or strategy of keeping multiple passwords safe.
> Regards
> JB
>




Posted by Steven L Umbach on July 7, 2005, 11:58 am
Please log in for more thread options
To add to Rogers fine advice you can use the Resource Kit tool cusrmgr to
reset passwords via a batch file as per the link below if that, for some
reason, is still your only option to change all the passwords each time. I
am assuming that the servers all have different passwords. If not there are
easier ways to change the passwords but I recommend that they do not have
the same password. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;272530 -- using
cusrmgr
http://www.sysinternals.com/Utilities/PsPasswd.html --- another password
tool from SysInternals.

>
> Would it not be more simple to go to the one machine and
> log in for them rather than visiting all later? Then you only
> need to visit, log in and inspect, and alter passwords on the
> one after they have finished (recognizing that they are not
> trusted one really should not stop at just changing the one
> password).
>
> Anyway, while there are ways to automate the password
> change, it would seem you have a bigger issue, namely
> untrusted people. You simply should never let an untrusted
> person access a machine as an admin.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
>> A copy of all our server passwords & keys are always kept in a locked
> safe,
>> the problem is whenever somebody need access to the safe to retrieve a
>> particular password or key, I have to go round and change the passwords
>> again on all servers. I am tired of having to do this often, can
>> somebody
>> suggest ways or strategy of keeping multiple passwords safe.
>> Regards
>> JB
>>
>
>




Similar ThreadsPosted
Keeping service accounts from locking October 13, 2006, 5:14 pm
Priority: Users Home Laptops Brought In To Work (keeping them off company network) December 26, 2006, 12:13 pm
Safe DNS October 5, 2007, 1:43 pm
Is Windows 2003 firewall safe? March 23, 2006, 8:28 am
Is It Safe to Deny Administrators Login by Network to Domain Controller? January 13, 2007, 3:00 am
strong passwords October 6, 2005, 11:02 am
Exporting Passwords January 15, 2006, 3:20 pm
Question on passwords June 9, 2006, 3:07 pm
Computer Passwords September 14, 2006, 9:32 am
Can I have two passwords for one user? June 6, 2007, 7:50 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap