Protect Your Windows Network: From Perimeter to Data

Appendix D. Password Generator Tool

Many of us are in charge of multiple systems, sometimes multiple thousands of systems. As you are no doubt aware if this applies to you, following the recommendations in "Protecting Your Windows Network" to maintain different administrator and service account passwords on all of them is almost unworkable without help. The passgen tool is designed to help you do so.

The passgen tool can manage passwords both locally and remotely. It is a bit different from standard password managers in that it does not actually store any passwords. It contains three major modes controlled by a master option, either g , r , or s . Each of these major modes contains essentially similar functionality. The master option simply allows you to specify where the password is coming from. Each option is documented in the following sections.

NOTE: The passgen tool version 1.0 has a SHA-1 hash of

a10baed3102b2183569077a3fbe18113a658ed5d.

If you do not have a SHA-1 hashing tool, use the file checksum verifier, available at http://www.microsoft.com/downloads/details.aspx?FamilyID=b3c93558-31b7-47e2-a663-7365c1686c08&DisplayLang=en. Be sure to verify the signature using this command:

fciv -add passgen.exe -sha1

If you get a different hash, do not use passgen . Send an e-mail to ProtectYourNetwork@hotmail.com and let us know where you got the tool, and we will send you a new copy.

Категории