Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Local Administrator password change for many computers
From: Jason Gates <jasongates () SOUTHERN EDU>
Date: Sun, 7 Oct 2012 16:10:19 +0000

I was concerned about how GPP stores the credentials. From what I read, any authenticated user could read SYSVOL, and 
the key used to encrypt the password is easily attainable.

sources:
http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx
http://esec-pentest.sogeti.com/exploiting-windows-2008-group-policy-preferences

--
Jason Gates
IT Security Consultant
Southern Adventist University
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of George 
Chiorescu-Petre [George.Chiorescu () PROVISION RO]
Sent: Sunday, October 07, 2012 11:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Local Administrator password change for many computers

Why aren't you using group policy? I saw you looked into it.

George
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of H Morrow Long 
[morrow.long () YALE EDU]
Sent: Friday, October 05, 2012 8:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Local Administrator password change for many computers

There are a number of commercial vendor solutions of SAPM (Gartner term – Secure Administrator Password Management) 
packages to track, set, reset and invalidate local administrator and 'service' accounts across servers :

Cyber-Ark
Lieberman
Symark (PowerKeeper)
CA
Etc…

From: Jason Gates <jasongates () SOUTHERN EDU<mailto:jasongates () SOUTHERN EDU>>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Date: Friday, October 5, 2012 12:20 PM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] Local Administrator password change for many computers

Has anyone come across a good method for changing local administrator passwords on many computers?
I've looked into:
pspasswd from sysinternals
group policy preferences
SCCM scripts

I'm not impressed with how GPP obfuscates the password, scripts are insecure(?) and pspasswd is not very ellegant since 
it requires the computer to be alive at the time its run.
Any other ideas?
--
Jason Gates
IT Security Consultant
Southern Adventist University


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]