Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Local Administrator password change for many computers
From: George Chiorescu-Petre <George.Chiorescu () PROVISION RO>
Date: Sun, 7 Oct 2012 15:16:44 +0000

Why aren't you using group policy? I saw you looked into it.

George
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of H Morrow Long 
[morrow.long () YALE EDU]
Sent: Friday, October 05, 2012 8:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Local Administrator password change for many computers

There are a number of commercial vendor solutions of SAPM (Gartner term – Secure Administrator Password Management) 
packages to track, set, reset and invalidate local administrator and 'service' accounts across servers :

Cyber-Ark
Lieberman
Symark (PowerKeeper)
CA
Etc…

From: Jason Gates <jasongates () SOUTHERN EDU<mailto:jasongates () SOUTHERN EDU>>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Date: Friday, October 5, 2012 12:20 PM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] Local Administrator password change for many computers

Has anyone come across a good method for changing local administrator passwords on many computers?
I've looked into:
pspasswd from sysinternals
group policy preferences
SCCM scripts

I'm not impressed with how GPP obfuscates the password, scripts are insecure(?) and pspasswd is not very ellegant since 
it requires the computer to be alive at the time its run.
Any other ideas?
--
Jason Gates
IT Security Consultant
Southern Adventist University


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault