Wednesday, September 23, 2009

Domain Security

So, after a domain security audit failure, I started looking for efficient ways to increase our security level.

LanMan password hashes:
Use the pwdump program to audit machines.
In its output the columns are separated by colons. The 3rd column is the LanMan hash; our objective is to get all of these to say NO PASSWORD. The 4th column is the NTLM hash; our objective is that all of these come from a very long, complicated password. Easy to do on one PC, hard for every workstation on the network!

Administrator:500:37D8A9D322EHBCC5DF128B2DD32BAD07:7973F8B1D4BA044FH353577D20D05B43:::
adminl:1012:NO PASSWORD*********************:A87F3A337D73085C45F9416BEH787D86:::
ASPNET:1006:NO PASSWORD*********************:765846AF2H3722A756C36BF4FAB8E706:::
ASPNET_history_0::ED4313FC8629054035HD0F969A87EB54:248991E4B30D6D3H44ECBAE41ACCF27D:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
HelpAssistant:1000:0BF0F22C79E13F88FAH2654ABEA76BAE:E6B3E02A7AB163BAEAH9650717C1C245:::
SUPPORT_388945a0:1002:NO PASSWORD*********************:3A912CDE5FDC01E01E2FCC8525H0FF64:::
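
One way to check many pwdump dumps against the objective above, as an added example that is not part of the original post. It goes slightly beyond the post by also treating the well-known hashes of an empty password as "no hash", for pwdump variants that print those instead of the NO PASSWORD marker; the function names are this example's own, and the sample lines are copied from the output shown above.

```python
# Added example: audit pwdump-format output for stored LanMan hashes.
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"  # LM hash of an empty password
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of an empty password

# Sample lines copied from the pwdump output shown in the post.
SAMPLE = """\
Administrator:500:37D8A9D322EHBCC5DF128B2DD32BAD07:7973F8B1D4BA044FH353577D20D05B43:::
adminl:1012:NO PASSWORD*********************:A87F3A337D73085C45F9416BEH787D86:::
ASPNET:1006:NO PASSWORD*********************:765846AF2H3722A756C36BF4FAB8E706:::
ASPNET_history_0::ED4313FC8629054035HD0F969A87EB54:248991E4B30D6D3H44ECBAE41ACCF27D:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
HelpAssistant:1000:0BF0F22C79E13F88FAH2654ABEA76BAE:E6B3E02A7AB163BAEAH9650717C1C245:::
SUPPORT_388945a0:1002:NO PASSWORD*********************:3A912CDE5FDC01E01E2FCC8525H0FF64:::
"""


def no_hash(field, empty):
    """True when the column holds no usable hash: blank, marker text, or empty-password hash."""
    value = field.strip().upper()
    return value == "" or value.startswith("NO PASSWORD") or value == empty


def audit(text):
    """Return (account, finding) tuples for every record that misses the objective."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue  # not a pwdump record
        account, lm, nt = parts[0], parts[2], parts[3]
        if not no_hash(lm, EMPTY_LM):
            # History records carry a _history_N suffix and an empty RID column.
            kind = "LM hash in password history" if "_history_" in account else "LM hash stored"
            findings.append((account, kind))
        if no_hash(nt, EMPTY_NT):
            findings.append((account, "no NT hash (blank password)"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(SAMPLE):
        print(f"{account}: {finding}")
```
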



Put this in your logon script for a week. It will erase all the local account password history after the computer reboots (the ASPNET_history_ entries in the output above). Even if LanMan is turned off and the password is changed, the history still includes LanMan hashes. They are useless for logging on, but they still provide good clues.
net accounts /uniquepw:0


Run the script below a number of times, cycling the account name through all the M$-created accounts:
Guest, ASPNET, HelpAssistant, IUSR_%computername%, IWAM_%computername%

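REM Change the local Administrator password for ALL computers in an OU
REM Run with cscript.exe so failures are printed to the console
Dim objOU, objItem, objUser, strComputer
Set objOU = GetObject("LDAP://OU=Test, DC=MyDomain, DC=com")
objOU.Filter = Array("Computer")   ' enumerate computer objects only
On Error Resume Next               ' keep going when a machine is offline or lacks the account
For Each objItem In objOU
    strComputer = objItem.CN
    Err.Clear
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    If Err.Number = 0 Then objUser.SetPassword "MakeThisExceptionallyLongCuzNobodyWillEverUse1t"
    If Err.Number <> 0 Then WScript.Echo strComputer & ": failed (" & Err.Description & ")"
Next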
