Computing Facilities, Carnegie Mellon School of Computer Science, Carnegie Mellon University
 

Windows passwords

Weak passwords are a common way for Windows hosts to be broken into. In particular, the following accounts are often the target of break-ins:

  • SCS Windows domain accounts.
  • The local Administrator account on your PC.

You should make sure that your Windows domain password is a good password, and also change the local Administrator account password on your PC to a good password that you can remember (Facilities does not need to know this password). Also, you should make sure that the Guest account on your PC is disabled, since it allows passwordless access to your machine.

In addition, if you install a networked service such as MS SQL Server, you should make sure that any passwords for that service are reset to a strong password that is something other than the default (this is especially true of the sa account on SQL Server).

How to choose a good password

A good password is one that is not easily guessed, even if a hacker tries millions of guesses (and hackers do have tools to do that sort of thing). See the document on how to choose good passwords for information on what makes a good password, and some tips on how to choose good passwords.

How to change your SCS domain password

There are 2 ways to change your SCS Windows domain password. The first is to use the Instance Manager Tool.

Alternatively, if you are logged into a Windows machine in the domain, it can be changed using the following instructions:

  1. Press Ctrl-Alt-Delete after you have logged in to your PC.
  2. Select Change Password on the dialogue box.
  3. Fill in the given fields on the change password dialogue box. Make sure that the pull-down menu (labeled "Log on to:" or "Domain") says "SCS".

Password lockout warning:

If you change your Windows password while logged on to other computers, your account might get locked out for up to 30 minutes. The solution is to log out from all other computers, change your password, and then log out and log back in.

What causes this: Computers, and smartphones too, use your Windows credentials to request network resources. When you change your password from one computer, the other computers will still request resources using the old credentials. Too many of these invalid requests will cause a lockout.

How to change the local administrator password if you know it

  1. Press Ctrl-Alt-Delete after you have logged in to your PC.
  2. Select Change Password on the dialogue box.
  3. Fill in the given fields on the change password dialogue box. The "User name" is "administrator" and the pull-down menu (labeled "Log on to:" or "Domain") should have the name of the local machine that you are using.

If you do not know the local administrator password

If you do not know the local administrator password, you can still change it if you are in the Administrators group on that host.

On Windows 2000 & Windows XP:

  1. Select: Start|Settings|Control Panel
  2. Click on Users and Passwords
  3. Highlight the Administrator user and select Set Password

If you need help in changing passwords

If you need any help in changing your passwords, contact the SCS Help Desk (x8-4231; GHC 4203; M-F, 9-5). If you have forgotten your password and need us to issue a new password to you, see our instructions for how to have a password reset.

How to disable the Guest account on your PC

On Windows NT

  1. Select Start|Administrative Tools|User Manager.
  2. Double click on Guest.
  3. Put a check in the Account Disabled box.

On Windows 2000 & XP

  1. Right click on the My Computer icon on your desktop and select Manage from the menu.
  2. Select Local Users and Groups and then Users.
  3. Double-click on the Guest user.
  4. Check the Account is disabled box in the dialogue with the General tab.
  5. Click OK
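
To confirm the result of the steps above without clicking through each dialogue, the following audit is an added example, not part of the original Facilities page. It assumes a newer Windows release with Windows PowerShell 5.1 or later (the `Get-LocalUser` cmdlet); the function name and the 365-day threshold are illustrative choices.

```powershell
# Added example: checks the local-account conditions this page asks for.
# Assumption: Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
function Test-LocalAccountHygiene {
    param(
        # Illustrative threshold: flag an Administrator password older than this.
        [int]$MaxPasswordAgeDays = 365
    )

    $findings = @()
    foreach ($user in Get-LocalUser) {
        # Built-in accounts keep their relative ID even when renamed:
        # a SID ending in -500 is Administrator, -501 is Guest.
        $rid = $user.SID.Value.Split('-')[-1]

        # The Guest account should be disabled.
        if ($rid -eq '501' -and $user.Enabled) {
            $findings += "Guest account '$($user.Name)' is enabled"
        }

        # The local Administrator password should have been changed.
        if ($rid -eq '500' -and $user.Enabled) {
            if (-not $user.PasswordLastSet) {
                $findings += "Administrator '$($user.Name)' has no recorded password change"
            }
            elseif ($user.PasswordLastSet -lt (Get-Date).AddDays(-$MaxPasswordAgeDays)) {
                $findings += "Administrator '$($user.Name)' password last set $($user.PasswordLastSet)"
            }
        }

        # Any enabled account that may have a blank password gives the same
        # passwordless access the page warns about for Guest.
        if ($user.Enabled -and -not $user.PasswordRequired) {
            $findings += "Account '$($user.Name)' is enabled and does not require a password"
        }
    }
    return $findings
}

$result = Test-LocalAccountHygiene
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
}
else {
    Write-Output 'No local account findings.'
}
```

The script only reads account properties and changes nothing; any finding is fixed with the dialogue steps on this page.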