Re: AD access

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 12/01/01

• Previous message: Robert Rota: "AD Access"
• Next in thread: Robert Rota: "Re: AD access"
• Reply: Robert Rota: "Re: AD access"
• Reply: Robert Rota: "Re: AD access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: "Robert Rota" <robert.a.rota@saic.com>, "Focus on Microsoft Mailing List" <FOCUS-MS@SECURITYFOCUS.COM>
Date: Fri, 30 Nov 2001 18:16:05 -0500

Why are you trying to delete the guest account, specifically?

Aside from that, if you boot into directory services restore mode on a DC,
AD is not initialized and you can manipulate it with utilities like
NTDSUTIL.

Laura
----- Original Message -----
From: "Robert Rota" <robert.a.rota@saic.com>
To: <focus-ms@securityfocus.com>
Sent: Friday, November 30, 2001 10:29 AM
Subject: AD access

>
>
> Quick question that I would like anyone to answer..
> Do you know of a utility that will access Active
> Directory in the LocalSystem Context? I would like to
> be able to delete the Guest account after I have
> promoted the server. As you know, accounts are then
> stored in ntds.dit. For some reason I cannot
> manipulate the name spaces the way I could the
> registry. Do you know of a tool that can modify these
> fields and that will run with system privilege? I have
> opened the adsi edit utility with LocalSystem privilege
> and still not been able to delete the Guest account.
> Any incite that you may have into this process would
> be appreciated. Also, do you know of a tool that can
> manipulate Active Directory if it is not loaded into
> memory? For instance, say I boot the DC with a
> floppy and mount the FS. Now I have bypassed ACLs
> and I want to edit ntds.dit? I assume the ADSI may be
> programmed to do this but I am skepticle about the
> ACL?
>
> Again, any incite would be greatly appreciated....
>
> Thanks,
>
> Rob

---

• Previous message: Robert Rota: "AD Access"
• Next in thread: Robert Rota: "Re: AD access"
• Reply: Robert Rota: "Re: AD access"
• Reply: Robert Rota: "Re: AD access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: boot as guest ... Boot: Original root Bootstap. ... To make a guest account for you computer try using Google and the search ... The first link should be ... (microsoft.public.windowsxp.basics) Re: How to disable parental control software ... installed a ' parental control software ' ... Im not young,15 already!!I cant open facebook, play ... It's the house machine and I use the guest account. ... Boot from a Linux Live CD. ... (microsoft.public.windows.vista.general) Re: How would you add an Admin account ... And you've only got a Guest account in XP Home? ... To boot into Safe Mode, ... Use the UP arrow key to select Safe Mode ... (microsoft.public.windowsxp.general) Re: How would you add an Admin account ... And you've only got a Guest account in XP Home? ... Tell your friend to boot into Safe Mode and try to log on with the ... the UP arrow key to select Safe Mode from the menu. ... (microsoft.public.windowsxp.general) Re: NT 4.0 Password problem ... a win98SE boot disk, and also with a Unix password boot disk (they ... Then you can run the linux hack. ... owner never set the administrator or guest account password. ... (comp.os.ms-windows.nt.admin.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-12