The purist would see that that's a week the password could be compromised. I'd probably let it slide though, especially in a small environment.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david....@nwea.org] Sent: Monday, January 16, 2012 2:43 PM To: NT System Admin Issues Subject: RE: Quarterly Admin password change Saw that. My mitigation is to use the GPO for a week then nuke it, as our standard builds show follow the new PW convention and the GPO is to just catch up the previously-built systems. Thoughts? Dave From: Brian Desmond [mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]> Sent: Monday, January 16, 2012 12:38 PM To: NT System Admin Issues Subject: RE: Quarterly Admin password change Keep this in mind - http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]> Sent: Monday, January 16, 2012 8:04 AM To: NT System Admin Issues Subject: RE: Quarterly Admin password change +1 just did that myself via GPP. Our "local admin maintenance GPO" does two things: * Renames the local admin account. * Sets the password on the added-in local administrator account. Dave From: ed ziots [mailto:ezi...@hotmail.com]<mailto:[mailto:ezi...@hotmail.com]> Sent: Sunday, January 15, 2012 2:49 PM To: NT System Admin Issues Subject: RE: Quarterly Admin password change +1, that is pretty easy one. Also make sure you rename it to something else than "Administrator" and create a dummy admin account which is only a "Guest" and disabled, and audit its attempted use for audit and incident response purposes. Also can script it out with cusrmgr.exe from the Windows 2000 resource kit. Z Edward E. Ziots Senior Informational Security Engineer CISSP,Security +,Network+ > From: mich...@smithcons.com<mailto:mich...@smithcons.com> > To: > ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com> > Subject: RE: Quarterly Admin password change > Date: Sun, 15 Jan 2012 22:42:35 +0000 > > Easy to do with GPP or with a script. > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > -----Original Message----- > From: Juned Shaikh > [mailto:jsha...@gmail.com]<mailto:[mailto:jsha...@gmail.com]> > Sent: Sunday, January 15, 2012 5:16 PM > To: NT System Admin Issues > Subject: Quarterly Admin password change > > I am trying to identify how are you folks managing the security requirement > of changing Local admin password of all servers quarterly? > > Thanks in advance, > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin