Windows Admin Group Problem

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
daverich-p40
New Member
Posts: 8
Joined: Sun Mar 02, 2008 10:49 am

Windows Admin Password

#11

Post by daverich-p40 »

RussellHltn wrote:Download from mls.lds.org. If you don't know the login, ask the stake technology specialist or stake clerk.

You can try and call support and ask them to send the password to someone they trust in the stake.

The Desktop Image we are talking about is 4 CDs that reformat and reinstall the entire system as a pre-configured standard from SL HQ. It is not just an MLS update. That is just one of the 35 steps in the process. It takes about 4 hours after that prep work of gathering and backing up all the data. I would rather not repeat it.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#12

Post by russellhltn »

I know what it is and how long it takes, as I've personally done it to all 10 admin computers in my stake.

I thought it was on the mls.lds.org site, but it's not. Just the instructions.

The underlying problem here is how passwords should be disclosed. This is primarily a user-to-user support area with a few officials chiming in from time to time (like DJC). The problem is either by forum or by phone, they can't be sure who is really calling. The most secure form of communication is via an MLS message. You might want to send a message, preferably from the stake machine. Then CHQ has some assurance about who is asking.

Something to think about, is Desktop 5.5 does come with a recovery setup. It's the first thing that comes up after the BIOS and before the Windows logo. However, I've got NO idea just what it will do. It might fix your problem, it may undo all of MLS and the other Post Desktop 5.5 too. I really don't know. It may be something to try when you have the CDs in hand and nothing to lose.
daverich-p40
New Member
Posts: 8
Joined: Sun Mar 02, 2008 10:49 am

Windows Admin Password

#13

Post by daverich-p40 »

RussellHltn wrote:I know what it is and how long it takes, as I've personally done it to all 10 admin computers in my stake.

I thought it was on the mls.lds.org site, but it's not. Just the instructions.

The underlying problem here is how passwords should be disclosed. This is primarily a user-to-user support area with a few officials chiming in from time to time (like DJC). The problem is either by forum or by phone, they can't be sure who is really calling. The most secure form of communication is via an MLS message. You might want to send a message, preferably from the stake machine. Then CHQ has some assurance about who is asking.

Something to think about, is Desktop 5.5 does come with a recovery setup. It's the first thing that comes up after the BIOS and before the Windows logo. However, I've got NO idea just what it will do. It might fix your problem, it may undo all of MLS and the other Post Desktop 5.5 too. I really don't know. It may be something to try when you have the CDs in hand and nothing to lose.

Thank you for both suggestions... I will have the Stake Exe Secretary send an MLS message.

I am aware of the Bios Backup and Restore screen and have thought the same thing that I don't know how it works and nothing in the docs to explain it. I guess that is the next issue I track down with CHQ.

Thanks
LakeyTW
Member
Posts: 86
Joined: Fri Jan 19, 2007 3:29 pm
Location: Salt Lake City, UT

#14

Post by LakeyTW »

Dave _R wrote:So there is someone that knows it exists... we are making progress.

It's an admin password to the system. The same level of access as the CLERK login for which I am trying to reassign to the admin group. It is not securing any access that we didn't already have so I don't understand why it can't be shared... how about sent to the Stake President. He should be trustworthy enough.

It will take weeks to get the CDs back from the other Wards now... don't send me the password, but let's not make this more than it needs to be. An email or phone call to the SP will save two clerks 4-5 hours each.

Yes, a local admin account exists. However, the password for this account should NOT be disclosed. I understand your dilemma and wish it didn't require a reimage, but I still believe that to be preferable to releasing an admin password to the general public. There are other methods for password recovery, but they also require a fairly high level of expertise and may result in other problems.
The_Earl
Member
Posts: 278
Joined: Wed Mar 21, 2007 9:12 am

#15

Post by The_Earl »

RussellHltn wrote: <snip>
The underlying problem here is how passwords should be disclosed. This is primarily a user-to-user support area with a few officials chiming in from time to time (like DJC). The problem is either by forum or by phone, they can't be sure who is really calling. The most secure form of communication is via an MLS message. You might want to send a message, preferably from the stake machine. Then CHQ has some assurance about who is asking.
<snip>

I am getting that the account in question is a maintenance account used on EVERY MLS machine in existence. That is not a password I would hand out to ANYONE at the local level.

The Earl
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#16

Post by russellhltn »

The Earl wrote:I am getting that the account in question is a maintenance account used on EVERY MLS machine in existence. That is not a password I would hand out to ANYONE at the local level.

I understand what you are saying, but how does that differ from the Clerk login (with Admin rights) which is also supposed to be the same for all machines (unchanged from the image) and IS handed to all local users? :rolleyes:

Besides, there are tools out there that can crack that password given that he has unlimited physical access to the machine.

I can understand being careful, but I'm not sure about never giving it out. It's something I can go either way on.
LakeyTW
Member
Posts: 86
Joined: Fri Jan 19, 2007 3:29 pm
Location: Salt Lake City, UT

#17

Post by LakeyTW »

RussellHltn wrote:I understand what you are saying, but how does that differ from the Clerk login (with Admin rights) which is also supposed to be the same for all machines (unchanged from the image) and IS handed to all local users? :rolleyes:

Besides, there are tools out there that can crack that password given that he has unlimited physical access to the machine.

I can understand being careful, but I'm not sure about never giving it out. It's something I can go either way on.

The difference is that the clerk password may be the same on a fresh image, but should be (and is typically) changed. The other admin account password is not changed or widely used.
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#18

Post by aebrown »

lakeytw wrote:The difference is that the clerk password may be the same on a fresh image, but should be (and is typically) changed. The other admin account password is not changed or widely used.

Your statements about the clerk password being changed are incorrect. According to the Desktop 5.5 instructions:
Log on to the computer, using the user name CLERK (in all capitals, as shown here) and the password <password>. This is the computer administrator account. It is also the only account to be used to run MLS. Please do not allow this username or password to be changed.

Many of us have noted that this seems like extremely weak security policy for an administrator account, but there it is in black and white.
LakeyTW
Member
Posts: 86
Joined: Fri Jan 19, 2007 3:29 pm
Location: Salt Lake City, UT

#19

Post by LakeyTW »

Alan_Brown wrote:Many of us have noted that this seems like extremely weak security policy for an administrator account, but there it is in black and white.

Agreed that this is poor policy for this account. I will look into this and see why it cannot be changed. That said, the D&C89 account is much more broadly used than just local unit machines and should not be given to anyone.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#20

Post by russellhltn »

lakeytw wrote:That said, the D&C89 account is much more broadly used than just local unit machines and should not be given to anyone.

Uh, that sounds like a security weakness right there. Because if anyone cracks that password, then they have access to more than just local unit machines.