Submitted by Howard Jares

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in a database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

KeePass

Rate this tool: (9 votes, average: 4.56 out of 5)

 Loading ...

Submit favorite free admin tool | Free tools ranking list | Descriptions of all tools

In my last post, I gave some advice on how to manage the built-in administrator account on desktops in a corporate network. Today, I will introduce a great tool, passgen, that was originally published in Steve Riley and Jesper Johansson’s book Protect Your Windows Network. Passgen has been available as a free download for some time now, and I think it can be of great help to secure the desktops in your network.

As I outlined in my previous post, using unique passwords for local administrators on all machines greatly improves security. Passgen is a command line tool that allows you to do just that remotely. All you need is a text file that contains a list of all computers in your network. Another option is to run the tool in a startup script.

The main idea of the tool is to create a unique password by using an identifier and a pass phrase. The identifier is just the computer name, which you can import from a text file. This part will always be the same whenever it is time to set a new password on all your machines. The pass phrase is the variable part, which you can change the next time you reset the password.

(more…)

Rate this tool: (1 votes, average: 4.00 out of 5)

 Loading ...

Submit favorite free admin tool | Free tools ranking list | Descriptions of all tools

Some days ago, I wrote an article about the alleged superpowers of the built-in administrator account. As it turned out, the local administrator has more or less the same privileges as the other administrator accounts, but this doesn’t mean that it doesn’t require extra care. In this article, I will share some tips on how to handle the built-in administrator account in a corporate environment. These are partially based on an article by security expert Jesper Johansson, although our opinions on some points differ.

Disable the built-in Administrator account

On Vista machines the built-in administrator account is disabled by default. This is a good a thing. Of course, it is the primary target of all hackers (I don’t distinguish between hackers and crackers; it is all the same to me). I also recommend disabling the built-in Administrator account on all XP machines.

(more…)

Fine-grained password polices are certainly an important enhancement of Windows Server 2008. Whereas in Windows Server 2003 domains, you can only have one policy for all user groups, Windows Server 2008 domains’ fine-grained password polices allow you to configure password and lockout polices for different sets of users. The only problem with this new feature is that configuring it is quite labor-intensive. I described the configuration of Windows Server 2008’s fine-grained policies in detail a while back. With Specops Password Policy Basic, a free tool, it is much easier to define and manage policies.

(more…)

Rate this tool: (3 votes, average: 2.67 out of 5)

 Loading ...

Submit favorite free admin tool | Free tools ranking list | Descriptions of all tools

Submitted by Alex Vovk

Password Expiration Notifier periodically checks all users in the specified Active Directory domain to detect  whose passwords are about to expire in a specified number of days, and then sends customizable notification e-mails to the account owners. The tool also sends summary reports to system administrators by e-mail. Armed with this tool, administrators can proactively resolve password expiration issues for end-users and service accounts.

NetWrix Password Expiration Notifier

Rate this tool: (6 votes, average: 4.33 out of 5)

 Loading ...

Submit favorite free admin tool | Free tools ranking list | Descriptions of all tools

In former times, making note of passwords was the worst sin for a sys admin. It turned out that many were tempted to use passwords that were easy to remember and therefore often too weak. There are ways to create passwords that are easy to memorize and difficult to crack by brute force attacks. However, the more passwords you have to manage the more difficult it gets to keep track of them. Thus I usually use random passwords and store them in a safe place. Of course, this is not 100% secure either, because if someone gets access to your password store, you will have a serious problem.

The minimum one should do is to encrypt the passwords. There are countless free password management tools for Windows. My favorite is Locknote, because it is allows me to encrypt all kinds of confidential data in a simple text editor. Another way is to store your passwords on your Smartphone or Pocket PC. This way, you will always have your passwords with you. There are many commercial password management tools for Windows Mobile, but I’ve only found one that is free.

(more…)

Rate this tool: (4 votes, average: 3.00 out of 5)

 Loading ...

Submit favorite free admin tool | Free tools ranking list | Descriptions of all tools

Password polices are an essential part of any security strategy. Most users tend to use too weak passwords because they are easier to memorize, thereby, endangering your whole network. In a Windows 2000/2003 domain you can only enforce one password and lockout policy for all users. Windows Server 2008 enables you now to use multiple password policies. In my view, this is a very interesting new feature.

(more…)

Of course, you can always reset a password if you have another admin account for this machine. However, if this isn’t the case, things can get a bit tricky. As a sys admin you are usually confronted with this problem if users have laptops where you don’t have an admin account. Even if you don’t have to reset a password now, you should get acquainted with this issue. Rest assured that sooner or later a user will bug you with this problem. I must admit that I managed to forget my own password more than once.

(more…)

How many passwords do you use? I’ve already given up counting mine. The list just keeps getting longer and longer, since i use a new password for every application or web site. (I hope you do this too.) Of course, it’s hard to remember all of them. So I save them in an encrypted file using Locknote. Infinite Password Generator offers another solution for this password problem. Instead of saving your passwords with a password manager, you generate the password each time you need it. Sounds strange, but it works.

(more…)

The major problem with any password-saving software is that passwords have to be loaded into the computer’s memory when you want to access them. This is a security risk. Passwordsaver (PWS) is a USB stick that solves this problem. It doesn’t show the passwords on the computer screen, but on its own tiny display.

(more…)

RunAsLimitedUser is a nifty RunAs tool that is so easy to use even for lazy admins. You probably know that Windows comes with a built-in RunAs feature. So-called security experts usually recommend that as a sysop you should only start applications with Administrator privileges when it’s necessary. The most secure way is to work with a normal user account, and start admin tools which need more rights, with an Administrator account. Well, I don’t know any sys admin who really works this way. It is just too time consuming to logon every time you need more privileges. RunAsLimitedUser works the other way around.

(more…)

WinSCP is an Open Source SFTP Client while PuTTY is a free SSH client. Both are must-have tools for Linux Administrators who manage their servers from a Windows client. I guess, there aren’t many sysops out there who don’t know these tools. This blog post describes how one can integrate PuTTY in WinSCP.

(more…)

How do you secure your passwords? As a sys admin you probably have countless accounts and I hope you don’t use the same password for all of them. I use by far too many passwords to remember them all. Writing them down is the only solution.

(more…)