You can use logon account auditing to track the use of the domain admin
account. You can use the generated event log messages to identify
machine names and IP addresses (depends on whether they are using
Kerberos or a legacy authentication protocol) of what is using it.
Then you can possibly script it, but there is no easy way to change it
when it is hard coded across the network.
Don Jones and others have made free scripts available on the Internet to
change domain passwords that are also used in service accounts, like
domain admin. But you sound like it is hard coded in other programs, and
how you change them depends on how they are hard coded and where.
Of course the larger issue is that you probably should not be using any
process that requires a hard coded admin password. You should create
custom service accounts with the necessary privileges whenever possible.
Roger
*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@infoworld.com or roger@banneretcs.com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Gary Collis
Sent: Thursday, February 01, 2007 3:41 PM
To: security-basics@lists.securityfocus.com
Subject: Changing the domain admin password.
Time has come to change the domain admin password. Unfortunately this is
used (hardcoded?) across the network in lots of different places,
services, virus downloads etc. Does anyone know of a way for me to audit
the admin account so I can see where it is currently in use.
Has anyone got any other tips for changing the domain admin password
without lots of pain?
Thanks,
