Re: IE combined security package...

From: Bob Simmons (bnsimmon@DMAX-LTD.COM)
Date: 02/13/02


Date:         Wed, 13 Feb 2002 15:52:31 -0500
From: Bob Simmons <bnsimmon@DMAX-LTD.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

For All: First post to a listserv, so forgive any "newbie" mistakes or
missteps.

For Otto Goencz: Haven't had time to research this carefully, but did you
execute an RDISK (or Win2K equivalent) after changing the admin name to WSX?
It's my guess that the rollup install uses the information stored in the
WINNT\Repair folder to re-institute system settings, much the same as a
Service Pack does. Since local administrator account information is not
stored on a domain controller at logoff like domain accounts are, the only
way to see changes in the admin account name would be to read the SAM.
However, if you did not run RDISK after the name change, the change did not
get reflected in the SAM backup in WINNT\Repair. So, if the rollup did
indeed install using the Repair folder to re-institute system settings, the
admin username would revert to whatever name was in effect at the time the
last RDISK (or Win2K equivalent) was run. The previously logged on user is
stored in a registry setting, not in the SAM, which is how it can display a
username that technically does not exist.

-----Original Message-----
From: Otto Goencz
Subject: IE combined security package...

....Unable to log-in using the previous administrator account....

....Upon rebooting the machine after the package installation, the log-in
screen showed the previous user which was WSX. Entering the password
numerous times resulted in "The system could not log you on...." error
message. The backup admin account (luck?) was used to log-in to the
machine and checking the existing user account. The user manager did not
have the WSX account, however, it did have the XYZ account. The latter
one was used to log-in to the machine with the existing password, with
no problems. After re-naming the account from XYZ to WSX with the user
manager and rebooting the machine, the WSX account is able to log-in....
