RE: Local Admins

From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 09/05/03

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #152" 
    Date: Fri, 5 Sep 2003 13:10:51 -0700
To: "CHM Security" <chmsecurity@hotmail.com>, <focus-ms@securityfocus.com>

    If you're scriptable, try using the Win32_Account WMI class or the
    WinNT:// ADSI object.
    Either one allows you to enumerate members of NT groups...

    * Jim Harrison
    MCP(NT4/2K), A+, Network+
    Security Business Unit (ISA SE)

    You curl your toes in fun, as you smile at everyone
    You meet the stares, you're unaware
    That your doings aren't done.
    - Ian Anderson

    -----Original Message-----
    From: CHM Security [mailto:chmsecurity@hotmail.com]
    Sent: Friday, September 05, 2003 09:34
    To: focus-ms@securityfocus.com
    Subject: Local Admins

    Is there an easy way to scan 2K/XP machines to determine who is a member
    of
    the administrator groups? We are having a lot of problems with our IT
    personnel adding local users as admins on their boxes which is causing
    us
    lots of problems. We just found one user who was hitting cancel
    everytime
    the SUS would send updates to her machine because it wasn't convenient.
    We
    have over 1000 machines in our domain and I really don't want to try and
    run
    this manually, especially when there is a chance some tech might come
    behind
    and start adding them back.

    Thanks!

    ------------------------------------------------------------------------ 

    ---
KaVaDo provides the first and only integrated Web application scanner
and 
firewall security suite that prevent Web applications attacks, the most 
common form of online exploitation. Download a FREE whitepaper on
Security Policy Automation for Web Applications. 
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818 
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and 
firewall security suite that prevent Web applications attacks, the most 
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications. 
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818 
---------------------------------------------------------------------------
  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #152"

    Relevant Pages

    • RE: Local Admins
      ... Subject: Local Admins ... Is there an easy way to scan 2K/XP machines to determine who is a member ... firewall security suite that prevent Web applications attacks, ...
      (Focus-Microsoft)
    • Local Admins
      ... personnel adding local users as admins on their boxes which is causing us ... have over 1000 machines in our domain and I really don't want to try and run ... firewall security suite that prevent Web applications attacks, ... Download a FREE whitepaper on Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)
    • Re: Why Programs get written to need admin priveleges.
      ... >>Why administrators must pesuade some applications to run with ... >>firewall security suite that prevent Web applications ... >>common form of online exploitation. ... >>Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)
    • Re: focus-ms@securityfocus.com
      ... local password caching need never be to a local file on a ... ticket issued Kerberose must use some sort of credential caching. ... > firewall security suite that prevent Web applications attacks, ...
      (Focus-Microsoft)
    • RE: Patch testing
      ... If you don't have mirrored disk capabilities - use Norton Ghost to snap an ... image of the system partition on the server before patching. ... > firewall security suite that prevent Web applications ... > whitepaper on Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)