Kindovic Posted September 2, 2008 Share Posted September 2, 2008 (edited) Hi, recently I've receive an email from my system administrator asking me to set a password to the local administrator account for every computer in the company. I believe this is so because this might help to prevent hacking as well as virus.As the situation now is that the administrator's password is blank for all the computers.I hope you all can share some views on how to go about creating the password for the administrator. Also, by creating the administrator password, will it help to reduce the chances of getting hacked?Thanks Edited September 2, 2008 by Kindovic Link to comment Share on other sites More sharing options...
Idontwantspam Posted September 2, 2008 Share Posted September 2, 2008 Is this an active directory environment? If so you can use group policy to set a startup script for all computers in the domain. Have it run @echo offnet user administrator password > NUL 2>&1 exitThis will set the administrator password to "password" (have it be whatever you want, of course"). The "> NUL 2>&1" is so that the output won't show up in the command window that opens, i.e. it'll just be a blank window that pops up for a split second. Now, since this will have your password in plain text, it's imperative that you keep the script safe. Wherever you store it on the server, make sure that only domain admins have even read access to it - users don't need to have read access for machine startup scripts. The other option, if you are not in an AD environment, is to just put that script on a cd, have it autorun, and go around to all the computers and just pop in the cd and pop it out. You could make a version that has a little bit of feedback, too, for that purpose: @echo offtitle Set Admin password clsecho. echo Sets admin password :choosemethodset /p manDef=Use default, or set manually? (m/d) if /i %manDef% == m goto M if /i %manDef% == d goto D echo Please choose m for Manual or D for Default. goto chooseMethod:M net user administrator * goto done :Dnet user administrator password if %errorlevel% == 0 goto done clsecho.echo An error occurred. Attempt manually: net user administrator * :doneclsecho DonepauseclsexitAnd to answer your other question... yes it will keep you more secure to have an admin password, and if you have a corporate image, you should definitely have an admin password on it by default that goes to all newly imaged machines. Link to comment Share on other sites More sharing options...
Kindovic Posted September 2, 2008 Author Share Posted September 2, 2008 thanks for providing me with the script!Will a computer with blank administrator password more prone to attacks? Link to comment Share on other sites More sharing options...
Idontwantspam Posted September 2, 2008 Share Posted September 2, 2008 Of course. If there's no password, anyone can just walk up and log in as administrator with no password. However, they cannot be accessed across the network using the administrator account, as windows doesn't allow network access to accounts with no password. Link to comment Share on other sites More sharing options...
Kindovic Posted September 2, 2008 Author Share Posted September 2, 2008 o... so the hacking is done internally, lol...wat about being hacked externally?? Link to comment Share on other sites More sharing options...
Tripredacus Posted September 2, 2008 Share Posted September 2, 2008 o... so the hacking is done internally, lol...wat about being hacked externally??Hacked internally, yes, but the same would be true if there was a virus or other malicious program installed on the computer. Link to comment Share on other sites More sharing options...
Mordac85 Posted September 4, 2008 Share Posted September 4, 2008 (edited) The strength of the local admin password has no bearing on how vulnerable you are to external attacks. HOWEVER, if someone does gain access the first thing he, or she will try is a blank password b/c that's Windows default. If I worked there, I wouldn't want you to reset the local admin password b/c I love having access to everyone's system/data, especially when the CEO is talking about personnel cuts. Internal or external source aside, can your company/group afford to have all their data accessible as if it was posted on the bulletin board in the lunch room?We periodically run an admin script that sets the local admin password to a 12+ character complex phrase that is changed by security every 90 days. Edited September 4, 2008 by Mordac85 Link to comment Share on other sites More sharing options...
TheFlash428 Posted September 4, 2008 Share Posted September 4, 2008 (edited) For better security in this realm...Rename the builtin administrator account to something else.Set a passwordCreate a new user, named "administrator"Set a password (or don't)Remove this user from the USERS group and put it only in the GUESTS groupI also suggest renaming the builtin guest account and disabling that as well, unless you're using simple file sharing (I don't recommend that either).You can set a "password required flag" for users by using the following command:NET USER [username] /passwordreq:yes Edited September 4, 2008 by TheFlash428 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now