RE: Local Admins

From: Geoffrey Shorter (geoffreyshorter_at_hotmail.com)
Date: 09/05/03

    To: focus-ms@securityfocus.com
    Date: Fri, 05 Sep 2003 17:49:12 -0400


    For commercial tools, look at:
    User Manager Pro by Lieberman and Associates -- a little expensive.
    Local Account Password Manager from foghornsecurity.com -- more affordable.

    Or, if those are too expensive, do what we did:
    Write a Perl script to handle it.

    We wrote a script that will query machines for all the local admins or
    change the passwords of local admins, or both. The capability exists in
    known Perl modules.

    From there, you just wrap that into another Perl script that enumerates your
    domain and then queries each machine and builds a database or text file of
    all the results.

    We just recently added another Perl script that checks the members of the
    big 6 Global Groups -- Domain Admins, Server Operators, Account Operators,
    Backup Operators, Print Operators and Administrators -- and lets us know
    when any new member is added to one of these groups. This script writes the
    current membership into an SQL table, and then compares membership with the
    table twice a day.

    Then, when someone in our group questioned whether we'd be sending passwords
    in plain text with some of our scripts, we sniffed the scripts working, and
    passwords were all encrypted.

    So, commercial solutions exist, but Perl can also solve the problem.

    geof

    -----Original Message-----
    From: CHM Security [mailto:chmsecurity@hotmail.com]
    Sent: Friday, September 05, 2003 12:34 PM
    To: focus-ms@securityfocus.com
    Subject: Local Admins

    Is there an easy way to scan 2K/XP machines to determine who is a member of
    the administrator groups? We are having a lot of problems with our IT
    personnel adding local users as admins on their boxes which is causing us
    lots of problems. We just found one user who was hitting cancel every time
    the SUS would send updates to her machine because it wasn't convenient. We
    have over 1000 machines in our domain and I really don't want to try and run
    this manually, especially when there is a chance some tech might come behind
    and start adding them back.

    Thanks!

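Added example, not code from the thread or from either poster: a runnable sketch of the "write membership into a SQL table, then compare" pattern geof describes, covering both the per-machine local Administrators inventory and the watch on the domain's privileged global groups. The enumeration step is stubbed with constructed snapshots (the original used Perl against the Win32 network APIs); everything else, the SQLite table, the baseline diff and the report, runs offline as written. The machine names, group names and accounts in the sample data are invented.

```python
"""Inventory privileged-group membership across machines and flag changes.

Editor's example. Two constructed snapshots stand in for two scheduled
runs of a real enumeration (e.g. NetLocalGroupGetMembers per workstation,
NetGroupGetUsers on a domain controller). Replace enumerate_members() with
a real query to use this for real.
"""
import sqlite3

# Constructed sample data: (machine, group) -> set of members.
# Run 0 is the initial inventory; run 1 has two additions to catch.
SAMPLE_RUNS = [
    {
        ("WS001", "Administrators"): {"CORP\\Domain Admins", "WS001\\Administrator"},
        ("WS002", "Administrators"): {"CORP\\Domain Admins", "WS002\\Administrator"},
        ("DC01", "Domain Admins"): {"CORP\\alice", "CORP\\bob"},
    },
    {
        ("WS001", "Administrators"): {"CORP\\Domain Admins", "WS001\\Administrator",
                                      "WS001\\jdoe"},
        ("WS002", "Administrators"): {"CORP\\Domain Admins", "WS002\\Administrator"},
        ("DC01", "Domain Admins"): {"CORP\\alice", "CORP\\bob", "CORP\\svc-backup"},
    },
]

SCHEMA = """
CREATE TABLE IF NOT EXISTS membership (
    machine TEXT NOT NULL,
    grp     TEXT NOT NULL,
    member  TEXT NOT NULL,
    PRIMARY KEY (machine, grp, member)
)"""


def enumerate_members(run_index):
    """Stub for the real query; returns one of the constructed snapshots."""
    return SAMPLE_RUNS[run_index]


def open_db(path=":memory:"):
    """Open (or create) the membership table; in-memory by default."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def load_baseline(conn):
    """Read the last stored membership back into the same dict-of-sets shape."""
    baseline = {}
    for machine, grp, member in conn.execute("SELECT machine, grp, member FROM membership"):
        baseline.setdefault((machine, grp), set()).add(member)
    return baseline


def compare(baseline, current):
    """Return (added, removed) as sorted lists of (machine, group, member)."""
    added, removed = [], []
    for key in set(baseline) | set(current):
        before, now = baseline.get(key, set()), current.get(key, set())
        added.extend((key[0], key[1], m) for m in now - before)
        removed.extend((key[0], key[1], m) for m in before - now)
    return sorted(added), sorted(removed)


def store(conn, current):
    """Replace the stored membership with the current snapshot."""
    conn.execute("DELETE FROM membership")
    conn.executemany(
        "INSERT INTO membership VALUES (?, ?, ?)",
        [(m, g, u) for (m, g), users in current.items() for u in users],
    )
    conn.commit()


def run_check(conn, current):
    """One scheduled run: diff against the table, then record the snapshot.

    On the very first run the table is empty, so every member shows up as
    'added'; treat that run as seeding the baseline rather than as an alert.
    """
    baseline = load_baseline(conn)
    added, removed = compare(baseline, current)
    store(conn, current)
    return added, removed


def format_report(added, removed):
    """Plain-text lines suitable for mailing to the team."""
    lines = [f"ADDED   {m}\\{g}: {u}" for m, g, u in added]
    lines += [f"REMOVED {m}\\{g}: {u}" for m, g, u in removed]
    return lines or ["no membership changes"]


if __name__ == "__main__":
    conn = open_db()
    run_check(conn, enumerate_members(0))          # seed the baseline
    added, removed = run_check(conn, enumerate_members(1))
    print("\n".join(format_report(added, removed)))
```

The first run only seeds the table, so the diff logic is what turns the inventory into the twice-daily alert geof mentions; the second run above reports the new local admin on WS001 and the new Domain Admins member, which is exactly the kind of "tech came behind and added them back" case the original question worries about.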

