Administrator Password Tips
I just finished my CCSP certification ... trying to get the Certified
Ethical Hacker Certification... that will really
get me established in the Network Security field. My goal is
to...get a job in the Tokyo Financial district maybe in one of the
investment banks to protect and secure their networks...thanks for all the
help and guidance you have given me throughout my career...
here for more testimonials...
Schedule - Class Announcements
Master Class Schedule
Nite & Weekend Classes
Classroom rental meeting rooms
Classroom photo albums
Pre-registration instructions for corporate IT training classes
Night, Evening, and Saturday Classes
Microsoft Office Training / MCAS
Microsoft 70-291 BootCamp in Feb 2009
Windows 2008 Training and Free Server
A+ Network+ Security+
Fiber Optics & Cat-5
DoD Inst 8570.01-M Mandate
Project Mgmt & PMP
Military appreciation prices for Cisco certs
Driving, Dining, and Hotel information
Bad weather closings?
Job opportunities for trainers
Job opportunities for students and graduates
On-line registration form
Free computer training tutorials
Dictionary of computer training acronyms
Administrator Password Security Tips - from a Master Hacker.
NOTE: The author of most of these comments is a computer security professional, who has asked that personal identity not be disclosed. This author is currently employed, full-time, in a position that requires travel around the globe regularly, to different locations to attempt to "hack" the computer security. (The author also wears a white hat - so don't be afraid to follow this tip.)
I have some concerns with the password tips given on the site below ( http://go.techtarget.com/r/1981127/281587 ).
The very first tool that is recommended in that article is PSPasswd, which can be used along with a batch file to automatically change the local administrator password on local and remote machines.
The local administrator password should NEVER be the same as the domain administrator password!
Second, the local administrator password on one machine should not be the same as the password on another.
If this is too much of a management burden, at least ensure that local admin passwords on domain controllers differ significantly.
Ideally, the passwords should all be different. Log them in a
binder, and put the binder in a fire-proof safe. Minimize employee
access to the safe/vault. [Only use the local administrator
password, when it is absolutely necessary. In a domain, your
domain login will normally be all you will need to administer a
There is a way to use this CD in such a manner that allows local
administrator log-in without a password, while at the same time leaving
the original password intact. No, I am not kidding; and no, I will not
tell anyone how.
Surprisingly, I can often spread to the domain controllers in this
manner, even if the domain admin password is different. Once I can load
my own software on your network, it is not your network anymore!!
You should enable NTLM, DISABLE LM, and require a minimum password length of 15 characters. [Note: Active Directory wil not allow you to set minimum password length to 15 characters, so set Active Directory minimum password policy to 14 characters, and make 15 characters a written policy.]
Complexity does not matter as far as cracking is concerned. [In fact
a "Complex passwords" policy, as it is currently known in the
computer-world is counter-productive. It just makes passwords
harder to remember. Teach people to create long, easy to remember
(for them) "Pass-phrases." A good example might be "Password is
not enough!" This far-exceeds the required 14 characters, is complex
(upper and lower case characters, special characters, and spaces), and
easy to remember. With pass-phrases implemented, you can even
relax the requirement to change passwords to once a quarter or twice a
year.] With a long password or pass-phrase, even shoulder-surfing
becomes difficult. Trust me. ;)
We are an OppInc/Workforce Investment Act (
http://nex-step.org/job_seekers/workforce_centers.htm ) Approved Contractor;
we participate with Tidewater Community College's (TCC) Virginia
Workforce Development program (
http://www.tcc.edu/wd/ ); and we are
approved for GI Bill computer certification.
We can even refer you to a bank (if your credit is good, or you have a