Educause Security Discussion
mailing list archives
Re: Local Administrator password change for many computers
From: George Chiorescu-Petre <George.Chiorescu () PROVISION RO>
Date: Sun, 7 Oct 2012 15:16:44 +0000
Why aren't you using group policy? I saw you looked into it.
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of H Morrow Long
[morrow.long () YALE EDU]
Sent: Friday, October 05, 2012 8:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Local Administrator password change for many computers
There are a number of commercial vendor solutions of SAPM (Gartner term – Secure Administrator Password Management)
packages to track, set, reset and invalidate local administrator and 'service' accounts across servers :
From: Jason Gates <jasongates () SOUTHERN EDU<mailto:jasongates () SOUTHERN EDU>>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Date: Friday, October 5, 2012 12:20 PM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] Local Administrator password change for many computers
Has anyone come across a good method for changing local administrator passwords on many computers?
I've looked into:
pspasswd from sysinternals
group policy preferences
I'm not impressed with how GPP obfuscates the password, scripts are insecure(?) and pspasswd is not very ellegant since
it requires the computer to be alive at the time its run.
Any other ideas?
IT Security Consultant
Southern Adventist University