Default domain permissions on who can join a workstation to the domain
Next message: Tony Mason: "Re: Remote Windows Kernel Exploitation - Step Into the Ring 0"
Date: Thu, 10 Mar 2005 11:06:44 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Apologies if this was obvious to anyone but me, but I stumbled upon the
following while researching a problem:
http://tinyurl.com/6kdjh
Apparently, the default behavior in a Windows 2000 and 2003 Active
Directory is that any authenticated user has the ability to join
computers to the domain up to 10 times. Upgrading your domain from NT
4.0 to 2000 actually seems to open up a security attribute, rather than
lock it down further. Why this isn't made a bit more obvious is beyond
me. I've been doing this gig for 10 years (well, Win2k for 5 obviously)
and I've never heard this mentioned anywhere, even among my peers and
colleagues, or at the many conferences I've attended over the years.
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--
Next message: Tony Mason: "Re: Remote Windows Kernel Exploitation - Step Into the Ring 0"
Relevant Pages
- Re: Blue Files -Gerry
... My apologies for not adding that fact, ... Windows XP Associate Expert ... The information in this mail/post is supplied "as is". ... The last one was (remove all but the latest restore points) ...
(microsoft.public.windowsxp.general) - Email Connectivity
... I am currently researching for my dissertation ... and would like to ask anyone for advice concerning email connectivity. ... I intend to build a database that amongst other things will record ... windows xp pro PC at home and a Windows 2000 pro PC at University. ...
(comp.databases.oracle.misc) - Windows Vista Home Premium Ed., Control Panel will not open problem. Any suggestions for fix?
... And when I go to Microsoft to validate my program it's says I'm not running a valid version of Windows. ... It was suggested I hadn't gone back far enough so I went back to the first date listed under the restore points available on my PC. ... At this point, my PC keeps trying to install the Windows Updates from after my restore point -- no troubles downloading them, but when it tries to install them it gets stuck on the configuring and says it is reverting ... ... Meanwhile I will continue researching ... ...
(microsoft.public.windows.vista.performance_maintenance) - Re: Windows Vista Home Premium Ed., Control Panel will not open problem. Any suggestions for fix?
... "Kim Doyle" wrote in message ... And when I go to Microsoft to validate my program it's says I'm not running a valid version of Windows. ... It was suggested I hadn't gone back far enough so I went back to the first date listed under the restore points available on my PC. ... Meanwhile I will continue researching ... ...
(microsoft.public.windows.vista.performance_maintenance) - Re: Spybot Error Message
... No apologies are necessary. ... MS-MVP Windows Shell/User ... > The PATH under Environment Variables was different ... >> %systemroot% is an environment variable that is the location of the ...
(microsoft.public.windowsxp.general) |
|
