AD access
From: Robert Rota (robert.a.rota@saic.com)Date: 11/30/01
- Previous message: Paul L Schmehl: "RE: Deploying Hotfixes, SPs and other Software"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 30 Nov 2001 15:29:32 -0000 Message-ID: <20011130152932.21644.qmail@mail.securityfocus.com> From: Robert Rota <robert.a.rota@saic.com> To: focus-ms@securityfocus.com Subject: AD access('binary' encoding is not supported, stored as-is)
Quick question that I would like anyone to answer..
Do you know of a utility that will access Active
Directory in the LocalSystem Context? I would like to
be able to delete the Guest account after I have
promoted the server. As you know, accounts are then
stored in ntds.dit. For some reason I cannot
manipulate the name spaces the way I could the
registry. Do you know of a tool that can modify these
fields and that will run with system privilege? I have
opened the adsi edit utility with LocalSystem privilege
and still not been able to delete the Guest account.
Any incite that you may have into this process would
be appreciated. Also, do you know of a tool that can
manipulate Active Directory if it is not loaded into
memory? For instance, say I boot the DC with a
floppy and mount the FS. Now I have bypassed ACLs
and I want to edit ntds.dit? I assume the ADSI may be
programmed to do this but I am skepticle about the
ACL?
Again, any incite would be greatly appreciated....
Thanks,
Rob
- Previous message: Paul L Schmehl: "RE: Deploying Hotfixes, SPs and other Software"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
