按照一般的安全准则,MOSS方案在部署以后,应该立刻修改服务账号以策安全,但是,修改服务账号并不容易,难免挂一漏万,microsoft 有一个script来帮助修改服务账号
@echo off
rem other app pools
echo *** Updating app pool passwords
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o updateaccountpassword -userlogin %1 -password %2 -noadmin
rem central admin
echo *** Updating Central Admin password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o updatefarmcredentials -userlogin %1 -password %2
rem ssp - new
echo *** Updating ssp password for new installs
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o editssp -title "SharedServices1" -ssplogin %1 -ssppassword %2
rem ssp - upgrade
echo *** Updating ssp password for upgraded installs
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o editssp -title "Default Web Site" -ssplogin %1 -ssppassword %2
rem osearch
echo *** Updating osearch password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o osearch -farmserviceaccount %1 -farmservicepassword %2
echo *** MANUAL UPDATE NEEDED. To update the password, visit the SSP Web application page, click Search Settings, and then click Default Content Access Account.
rem spsearch
echo *** Updating spsearch password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o spsearch -farmserviceaccount %1 -farmservicepassword %2
echo *** Updating spsearch content access account
"%commonprogramfiles%\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o spsearch –farmcontentaccessaccount %1 -farmcontentaccesspassword %2
rem restarting IIS
echo *** Doing soft restart of IIS
iisreset /noforce
echo on
存放在changeAC.cmd
调用时的命令格式为 changeAC.cmd domain\userid password
其中用一个服务账号timer job无法用这个script修改,一定要手工修改。
@echo off
rem other app pools
echo *** Updating app pool passwords
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o updateaccountpassword -userlogin %1 -password %2 -noadmin
rem central admin
echo *** Updating Central Admin password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o updatefarmcredentials -userlogin %1 -password %2
rem ssp - new
echo *** Updating ssp password for new installs
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o editssp -title "SharedServices1" -ssplogin %1 -ssppassword %2
rem ssp - upgrade
echo *** Updating ssp password for upgraded installs
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o editssp -title "Default Web Site" -ssplogin %1 -ssppassword %2
rem osearch
echo *** Updating osearch password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o osearch -farmserviceaccount %1 -farmservicepassword %2
echo *** MANUAL UPDATE NEEDED. To update the password, visit the SSP Web application page, click Search Settings, and then click Default Content Access Account.
rem spsearch
echo *** Updating spsearch password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o spsearch -farmserviceaccount %1 -farmservicepassword %2
echo *** Updating spsearch content access account
"%commonprogramfiles%\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o spsearch –farmcontentaccessaccount %1 -farmcontentaccesspassword %2
rem restarting IIS
echo *** Doing soft restart of IIS
iisreset /noforce
echo on
存放在changeAC.cmd
调用时的命令格式为 changeAC.cmd domain\userid password
其中用一个服务账号timer job无法用这个script修改,一定要手工修改。