RE: w2k server compromised
From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 01/24/03
- Previous message: H C: "Re: w2k server compromised"
- In reply to: Dan Uscatu: "w2k server compromised"
- Next in thread: Thomas Cameron: "RE: w2k server compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Laura A. Robinson" <larobins@bellatlantic.net> To: "'Dan Uscatu'" <duscatu@lunatech.ro>, <focus-ms@securityfocus.com> Date: Fri, 24 Jan 2003 02:59:16 -0500
LDIFDE or CSVDE, although they just do text dumps of the configuration and
accounts and won't maintain SIDs. You could use ADMT v2 to migrate from the
infected domain into a clean domain, and it does migrate passwords.
Laura
> -----Original Message-----
> From: Dan Uscatu [mailto:duscatu@lunatech.ro]
> Sent: Thursday, January 23, 2003 3:17 AM
> To: focus-ms@securityfocus.com
> Subject: w2k server compromised
>
>
> hey all
>
> i just found one of the w2k servers to be infected and acting
> very strangely. unfortunately it is a domain controller and
> it has all the users/computers lists.
>
> how can i export these before reinstall in order to keep the
> exact same configuration (everything except passwords of
> course) ? i suppose this could be usefull to be done on a
> regular basis too...
>
> TIA
>
>
- Next message: Laura A. Robinson: "RE: Bypass Traverse Checking?"
- Previous message: H C: "Re: w2k server compromised"
- In reply to: Dan Uscatu: "w2k server compromised"
- Next in thread: Thomas Cameron: "RE: w2k server compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
