Need help urgently!


Dear all,
One of the workstations at my workplace was infected with a virus which logged
the key presses made on that PC, and I believe it is already out there somewhere.
I need to change the admin password urgently but I'd like to make sure that
all the services will run successfully after that.
I have a single domain with a file server, SQL server and Exchange server,
each running on different machines. All servers are member servers of the DC.
If I change the admin password on the DC, what services will be affected
by this?
Any help would be greatly appreciated.

TIA,
Sugih
 
In the microsoft.public.win2000.security news group, Sugih wrote:
I have a single domain with a file server, SQL server and Exchange server,
each running on different machines. All servers are member servers of the DC.
If I change the admin password on the DC, what services will be affected
by this?
Any help would be greatly appreciated.

The only way changing the administrator password on the DC will affect
any services is if you are using that account as the service account for
those services. Only you can determine whether or not that is the case.
If you are, you shouldn't be. That is a really, really bad idea from a
security perspective.

If you're responsible for your domain and you can't answer this question
for yourself then you've got other problems. For one thing, you don't
have your network documented correctly.
 
What version of Exchange? If pre-E2k, is the Exchange Service account using
your administrator account, or a separate service account? If the former,
this is not much fun to change.


Note - you must implement good centralized AV software for workstations, and
get Exchange-aware AV as well.
 
By default the built-in domain administrator password is not used, nor should it be used,
as the authenticating account for any services. In general the built-in domain
administrator account should not be used, and any administrator for the domain should
only log on to known clean and secured domain computers to avoid what has happened.
Regular trusted domain users can be added to the local administrators account of domain
computers if they need to be managed. The "virus" you found may have been placed
there on purpose by an insider. --- Steve
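
The replies above come down to whether any service logs on with the administrator account. The following is an added example, not part of the original thread, that inventories service logon accounts on the member servers before the password is changed; the server names are placeholders, and it assumes a current PowerShell with WinRM access to each server.

```powershell
# Added example: list services that log on with a real account, and flag
# those using the account whose password is about to change.
function Get-ServiceLogonInventory {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string] $AccountName = 'Administrator'
    )
    # Built-in service identities that a domain password change cannot affect.
    $builtIn = '^(LocalSystem|NT AUTHORITY\\.+|NT SERVICE\\.+)$'
    # Matches the DOMAIN\name, .\name and name@domain forms of the account.
    $target = '(^|\\)' + [regex]::Escape($AccountName) + '(@|$)'

    foreach ($computer in $ComputerName) {
        try {
            $services = Get-CimInstance -ClassName Win32_Service `
                -ComputerName $computer -ErrorAction Stop
        } catch {
            # An unreachable server is reported, not silently skipped.
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }
        $services |
            Where-Object { $_.StartName -and $_.StartName -notmatch $builtIn } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer     = $computer
                    Service      = $_.Name
                    LogonAccount = $_.StartName
                    StartMode    = $_.StartMode
                    State        = $_.State
                    UsesTarget   = [bool]($_.StartName -match $target)
                }
            }
    }
}

# Placeholder server names (assumptions): file, SQL and Exchange servers.
$servers = 'FILESRV01', 'SQLSRV01', 'EXCHSRV01'
Get-ServiceLogonInventory -ComputerName $servers |
    Sort-Object -Property UsesTarget, Computer -Descending |
    Format-Table -AutoSize
```

Rows with `UsesTarget` set to True are the services that would fail to start after the password change until their logon credentials are updated.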
 