Making the local administrator passwords unique
One problem in almost all companies is that the local admin password for Windows clients is the same on every client. This implies that if you obtain the local admin password of one client computer, you can use it on all the company's computers. Further, if you are not using a disk encryption solution, obtaining the password hash from the Security Account Manager (SAM) file is very easy. Worse, Windows allows a hash to be used to authenticate, which means that you can use the hash directly to log in to other computers and do not need to crack it to get the real password. The solution to this problem is to differentiate the local admin password and make it unique for each of your clients. This ensures that one local admin password/hash is usable only on that computer.
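The difference between a shared and a per-client local admin password can be checked on an inventory, as in this added example (not the book's localadmin module). The host names, the sample password, the function names, the character classes and the 20-character length are all assumptions, and SHA-256 is used only to compare credentials; it is not the hash format Windows stores.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Hypothetical complexity rule: one character from each class below.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#%+-=?@_")

def generate_password(length=20):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short for the complexity rule")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def assign_unique_passwords(hosts, length=20):
    """Map each host to its own password; redraw on the (unlikely) collision."""
    assigned, used = {}, set()
    for host in hosts:
        password = generate_password(length)
        while password in used:
            password = generate_password(length)
        used.add(password)
        assigned[host] = password
    return assigned

def fingerprint(password):
    # Comparison-only digest for this example; not the NT hash format.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def shared_credential_groups(host_to_password):
    """Return sorted lists of hosts whose local admin credential is identical."""
    groups = defaultdict(list)
    for host, password in host_to_password.items():
        groups[fingerprint(password)].append(host)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed inventory: three clients imaged with the same local admin password.
HOSTS = ["client01", "client02", "client03"]
BEFORE = {host: "Example-Shared-Pw1" for host in HOSTS}

if __name__ == "__main__":
    print("shared before:", shared_credential_groups(BEFORE))
    print("shared after: ", shared_credential_groups(assign_unique_passwords(HOSTS)))
```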
In this section, we will create a localadmin module. The module will create a local user with admin rights for each computer. It will also generate a...