IE combined security package...

From: Otto Goencz (ogoencz@GREENWICHTECH.COM)
Date: 02/12/02


Date:         Tue, 12 Feb 2002 12:32:32 -0500
From: Otto Goencz <ogoencz@GREENWICHTECH.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

More of a question than bug report....
 
Platform: Win2K Professional SP2, assigned to a workgroup
 
Applied combined IE fix (link might be wrapped):
 
 
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu
rity/bulletin/MS02-005.asp>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS02-005.asp
 
Steps taken:
  Install package
  Reboot the machine
 
Result:
  Unable to log-in using the previous administrator account
 
Mitigating factors:
  
Couple of month ego the "Local Security Policy" was used to change the
name for The "Administrator" account to XYZ. Later on the "Computer
Management" applet was used to change the same administrator account to
WSX, without modifying the local security policy. This caused no
problems even if the PC was rebooted, until installing the IE combined
security package.
Upon rebotting the machine after the package installation, the log-in
screen showed the previous user which was WSX. Entering the password
numerous times resulted in "The system could not log you on...." error
message. The backup admin account (luck?) was used to log-in to the
machine and checking the existing user account. The user manager did not
have the WSX account, however, it did have the XYZ account. The latter
one was used to log-in to the machine with the existing password, with
no problems. After re-naming the account from XYZ to WSX with the user
manager and rebooting the machine, the WSX account is able to log-in.
 
Questions:
 
There are couple of issues what I don't have answers for. Obviously, the
symptoms described above could be attributed to the system
configuration. However.....
Why the local security settings aren't applied all the times when the
machine is rebooted?
What is IE package doing to re-arrange user accounts?
 
TIA....
 
Otto
 

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo



Relevant Pages

  • Risks Digest 25.73
    ... German electronic health card system failure ... Risks of the Cloud: Liquid Motors ... Oakland 2010, IEEE Symposium on Security and Privacy, CFP ... A friend's facebook account was hacked recently (a neat little short-term ...
    (comp.risks)
  • Re: MBSA, Office Update, Versions, Failures
    ... I apologize for posting this to three groups (MBSA, Windows Update, ... with Domain User account. ... Microsoft Baseline Security Advisor (? ... Office 2000 Security Patches - Red X's, ...
    (microsoft.public.officeupdate)
  • Re: write with cURL
    ... you can stop making excuses. ... up an account for you, process the billing, etc. ... possible features from a web site to make up for the security issues. ... Nothing you have told me shows me you know how to lock down a server ...
    (alt.php)
  • Re: IE combined security package...
    ... execute an RDISK after changing the admin name to WSX? ... way to see changes in the admin account name would be to read the SAM. ... ....Upon rebotting the machine after the package installation, the log-in ... Go Beyond PARTIAL Security: FREE White Paper ...
    (NT-Bugtraq)
  • Re: Basic Authentication fails with Error 401.2 where Integrated s
    ... On the IIS directory security tab, anonymous access is disabled, digest ... authentication is disabled, integrated authentication is disabled and basic ... account created has full permissions for the folder and the file that's in it. ...
    (microsoft.public.inetserver.iis.security)