Safe Keeping passwords

Discussion in 'Server Security' started by Jay Quadri, Jul 6, 2005.

  1. Jay Quadri

    Jay Quadri Guest

    A copy of all our server passwords & keys are always kept in a locked safe,
    the problem is whenever somebody need access to the safe to retrieve a
    particular password or key, I have to go round and change the passwords
    again on all servers. I am tired of having to do this often, can somebody
    suggest ways or strategy of keeping multiple passwords safe.
    Regards
    JB
     
    Jay Quadri, Jul 6, 2005
    #1
    1. Advertisements

  2. Why do you have to change all the passwords?? Are these persons not
    trusted?? Maybe it would help if someone that was trusted opens the safe
    and gives the user the password to only the server they need to access to
    instead of a list that contains passwords for all the servers. --- Steve
     
    Steven L Umbach, Jul 7, 2005
    #2
    1. Advertisements

  3. Hi Jay,
    the simple solution:
    one machine = one closed envelope.
    Best greetings from Germany
    Olaf.
     
    Olaf Engelke [MVP Windows Server], Jul 7, 2005
    #3
  4. Hi Steven,
    there are IT staff and there are users.
    Both groups usually thing different about the need of security.
    Best greetings from Germany
    Olaf
     
    Olaf Engelke [MVP Windows Server], Jul 7, 2005
    #4
  5. Jay Quadri

    Roger Abell Guest

    Would it not be more simple to go to the one machine and
    log in for them rather than visiting all later? Then you only
    need to visit, log in and inspect, and alter passwords on the
    one after they have finished (recognizing that they are not
    trusted one really should not stop at just changing the one
    password).

    Anyway, while there are ways to automate the password
    change, it would seem you have a bigger issue, namely
    untrusted people. You simply should never let an untrusted
    person access a machine as an admin.
     
    Roger Abell, Jul 7, 2005
    #5
  6. To add to Rogers fine advice you can use the Resource Kit tool cusrmgr to
    reset passwords via a batch file as per the link below if that, for some
    reason, is still your only option to change all the passwords each time. I
    am assuming that the servers all have different passwords. If not there are
    easier ways to change the passwords but I recommend that they do not have
    the same password. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;en-us;272530 -- using
    cusrmgr
    http://www.sysinternals.com/Utilities/PsPasswd.html --- another password
    tool from SysInternals.
     
    Steven L Umbach, Jul 7, 2005
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.