RE: NT and 2000 account policies administrations

From: Sergey V. Gordeychik (gordey_at_infosec.ru)
Date: 05/12/04

  • Next message: Sergey V. Gordeychik: "RE: Relative Security Provided by Cached Domain Credentials?" 
    Date: Wed, 12 May 2004 10:14:09 +0400
To: "Pontonnier- White, Sylvie" <spontonnier-white@TYCO.COM>, <focus-ms@securityfocus.com>

    >Question 1
    >Under MSW NT and 2000 is there a
    >possibility to restrict certain actions
    >that a user having administrator rights
    >might be able to do on the system security configuration.

    Generally - NO. A administrator is a administrator is a administrator.
    You can control it in Active Directory environment with help of
    delegation of control.

    >Question 2
    >Under MSW NT and 2000 can the audit function provide details of any
    >changes made to the account policies/security
    >configuration by each of the...

    You can use Directory access events to control Group Policy
    modification.
    http://support.microsoft.com/default.aspx?kbid=814595

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Sergey V. Gordeychik: "RE: Relative Security Provided by Cached Domain Credentials?"

    Relevant Pages

    • NT and 2000 account policies administrations
      ... this is the first time I am asking you for a few words of counsel. ... that a user having administrator rights might be able to do on the system ... once the accounts policies has been set up (say min password length ... Under MSW NT and 2000 can the audit function provide details of any changes ...
      (Focus-Microsoft)
    • Re: password
      ... In article, "msw" <msw ... password does not match policy. ... passwords hard to guess. ... Ask your administrator what the ...
      (microsoft.public.win2000.security)
    • Re: Parent Control Software
      ... I have heard that the new McAfee Security Suite has Parent Control. ... You can create a very STRONG and COMPLEX administrator password by ... With this account, a child can access anything you ... Probably the most important part is taking GOOD control of the Administrator ...
      (microsoft.public.security)
    • Re: Cant Create User Profiles?
      ... Ensure the "Profile Folder" has the following permissions set: ... Full Control - Administrator ... > | Windows 2000 Server with the latest service packs and patches. ...
      (microsoft.public.win2000.general)
    • Require users to press Ctrl+Alt+Delete Grayed Out
      ... Per the advice of Kelly of Kelly's Korner I ran RegEdit ... I then created a new DWORD value, "DisableCAD"; ... the check box in the user accounts control ... >>as Administrator (although my account, ...
      (microsoft.public.windowsxp.security_admin)