Password polices are an essential part of any security strategy. Most users tend to use too weak passwords because they are easier to memorize, thereby, endangering your whole network. In a Windows 2000/2003 domain you can only enforce one password and lockout policy for all users. Windows Server 2008 enables you now to use multiple password policies. In my view, this is a very interesting new feature.

(more…)

Of course, you can always reset a password if you have another admin account for this machine. However, if this isn’t the case, things can get a bit tricky. As a sys admin you are usually confronted with this problem if users have laptops where you don’t have an admin account. Even if you don’t have to reset a password now, you should get acquainted with this issue. Rest assured that sooner or later a user will bug you with this problem. I must admit that I managed to forget my own password more than once.

(more…)

How many passwords do you use? I’ve already given up counting mine. The list just keeps getting longer and longer, since i use a new password for every application or web site. (I hope you do this too.) Of course, it’s hard to remember all of them. So I save them in an encrypted file using Locknote. Infinite Password Generator offers another solution for this password problem. Instead of saving your passwords with a password manager, you generate the password each time you need it. Sounds strange, but it works.

(more…)

The major problem with any password-saving software is that passwords have to be loaded into the computer’s memory when you want to access them. This is a security risk. Passwordsaver (PWS) is a USB stick that solves this problem. It doesn’t show the passwords on the computer screen, but on its own tiny display.

(more…)

RunAsLimitedUser is a nifty RunAs tool that is so easy to use even for lazy admins. You probably know that Windows comes with a built-in RunAs feature. So-called security experts usually recommend that as a sysop you should only start applications with Administrator privileges when it’s necessary. The most secure way is to work with a normal user account, and start admin tools which need more rights, with an Administrator account. Well, I don’t know any sys admin who really works this way. It is just too time consuming to logon every time you need more privileges. RunAsLimitedUser works the other way around.

(more…)

WinSCP is an Open Source SFTP Client while PuTTY is a free SSH client. Both are must-have tools for Linux Administrators who manage their servers from a Windows client. I guess, there aren’t many sysops out there who don’t know these tools. This blog post describes how one can integrate PuTTY in WinSCP.

(more…)

How do you secure your passwords? As a sys admin you probably have countless accounts and I hope you don’t use the same password for all of them. I use by far too many passwords to remember them all. Writing them down is the only solution.

(more…)