Occasionally, I see a security incident where one of the things that went wrong was that all of the customer's machines have the same password for the built-in administrator's account.  Whenever this happens, I suggest the PASSGEN tool that was included with the book "Protect Your Windows Network" by Steve Riley and Jesper Johansson.  Obviously, most people don't want to run to the bookstore in the middle of a security incident but, fortunately, it was available on their website.

Unfortunately, the website disappeared recently and I had to scramble around to find it.  If you're looking for PASSGEN (and you should be if you have the same password for local admin across a number of machines), you can find it in two places:

  1. The Windows Server 2008 Resource Kit
  2. Steve's blog
Comments (1)

  1. Anonymous says:

    My team deals with security incident response in the corporate space so I don’t see that; however, I’m not so sure it would be a problem.  I run WHS at home and, while things run smoother if user accounts have the same password across multiple machines, there is no dependency on the builtinadministrator accounts on those machines.

Skip to main content