Need help urgently!

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Dear all,
One of workstations at my workplace infected with virus which logged the key
press done on that Pc and I believe it is already out there somewhere.
I need to change the admin password urgently but I'd like to make sure that
all the services will run successfully after that.
I have a single domain with file server, SQL server and exchange server,
each running on different machines. All servers are member servers of the DC.
If I change the admin password on the DC what services that will be affected
by this?
Any help would be greatly appreciated.

TIA,
Sugih
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

In article <52ED2961-5E76-4933-B593-30FBA17B99C2@microsoft.com>, in the
microsoft.public.win2000.security news group, =?Utf-8?B?U3VnaWg=?=
<Sugih@discussions.microsoft.com> says...

> I have a single domain with file server, SQL server and exchange server,
> each running on different machines. All servers are member servers of the DC.
> If I change the admin password on the DC what services that will be affected
> by this?
> Any help would be greatly appreciated.
>

The only way changing the administrator password on the DC will affect
any services is if you are using that account as the service account for
those services. Only you can determine whether or not that is the case.
If you are, you shouldn't be. That is a really, really bad idea from a
security perspective.

If you're responsible for your domain and you can't answer this question
for yourself then you've got other problems. For one thing, you don't
have your network documented correctly.

--
Paul Adare
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

What version of Exchange? If pre-E2k, is the Exchange Service account using
your administrator account, or a separate service account? If the former,
this is not much fun to change


Note - you must implement good centralized AV software for workstations- and
get Exchange-aware AV as well.


Sugih wrote:
> Dear all,
> One of workstations at my workplace infected with virus which logged
> the key press done on that Pc and I believe it is already out there
> somewhere. I need to change the admin password urgently but I'd like
> to make sure that all the services will run successfully after that.
> I have a single domain with file server, SQL server and exchange
> server, each running on different machines. All servers are member
> servers of the DC. If I change the admin password on the DC what
> services that will be affected by this?
> Any help would be greatly appreciated.
>
> TIA,
> Sugih
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

By default the built in domain administrator password is not used nor should be used
as the authenticating account for any services. In general the built in domain
administrator account should not be used and any administrator for the domain should
only logon to known clean and secured domain computers to avoid what has happened.
Regular trusted domain users can be added the local administrators account of domain
computers if they need to be managed. The "virus" you found may have been placed
there on purpose by an insider. --- Steve


"Sugih" <Sugih@discussions.microsoft.com> wrote in message
news:52ED2961-5E76-4933-B593-30FBA17B99C2@microsoft.com...
> Dear all,
> One of workstations at my workplace infected with virus which logged the key
> press done on that Pc and I believe it is already out there somewhere.
> I need to change the admin password urgently but I'd like to make sure that
> all the services will run successfully after that.
> I have a single domain with file server, SQL server and exchange server,
> each running on different machines. All servers are member servers of the DC.
> If I change the admin password on the DC what services that will be affected
> by this?
> Any help would be greatly appreciated.
>
> TIA,
> Sugih