Jump to content

Advisable to set Administrator Password?


Recommended Posts

Hi, recently I've receive an email from my system administrator asking me to set a password to the local administrator account for every computer in the company. I believe this is so because this might help to prevent hacking as well as virus.

As the situation now is that the administrator's password is blank for all the computers.

I hope you all can share some views on how to go about creating the password for the administrator. Also, by creating the administrator password, will it help to reduce the chances of getting hacked?


Edited by Kindovic
Link to comment
Share on other sites

Is this an active directory environment? If so you can use group policy to set a startup script for all computers in the domain. Have it run

@echo off
net user administrator password > NUL 2>&1

This will set the administrator password to "password" (have it be whatever you want, of course"). The "> NUL 2>&1" is so that the output won't show up in the command window that opens, i.e. it'll just be a blank window that pops up for a split second.

Now, since this will have your password in plain text, it's imperative that you keep the script safe. Wherever you store it on the server, make sure that only domain admins have even read access to it - users don't need to have read access for machine startup scripts.

The other option, if you are not in an AD environment, is to just put that script on a cd, have it autorun, and go around to all the computers and just pop in the cd and pop it out. You could make a version that has a little bit of feedback, too, for that purpose:

@echo off
title Set Admin password
echo Sets admin password
set /p manDef=Use default, or set manually? (m/d)
if /i %manDef% == m goto M
if /i %manDef% == d goto D
echo Please choose m for Manual or D for Default.
goto chooseMethod
net user administrator *
goto done
net user administrator password
if %errorlevel% == 0 goto done
echo An error occurred. Attempt manually:
net user administrator *
echo Done

And to answer your other question... yes it will keep you more secure to have an admin password, and if you have a corporate image, you should definitely have an admin password on it by default that goes to all newly imaged machines.

Link to comment
Share on other sites

The strength of the local admin password has no bearing on how vulnerable you are to external attacks. HOWEVER, if someone does gain access the first thing he, or she will try is a blank password b/c that's Windows default. If I worked there, I wouldn't want you to reset the local admin password b/c I love having access to everyone's system/data, especially when the CEO is talking about personnel cuts. ;) Internal or external source aside, can your company/group afford to have all their data accessible as if it was posted on the bulletin board in the lunch room?

We periodically run an admin script that sets the local admin password to a 12+ character complex phrase that is changed by security every 90 days.

Edited by Mordac85
Link to comment
Share on other sites

For better security in this realm...

Rename the builtin administrator account to something else.

Set a password

Create a new user, named "administrator"

Set a password (or don't)

Remove this user from the USERS group and put it only in the GUESTS group

I also suggest renaming the builtin guest account and disabling that as well, unless you're using simple file sharing (I don't recommend that either).

You can set a "password required flag" for users by using the following command:

NET USER [username] /passwordreq:yes

Edited by TheFlash428
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...