Re: Local Admin

---

• From: "Steven" <steven@xxxxxxxxxxx>
• Date: Thu, 1 Jun 2006 22:43:00 -0400

---

Hello,

Let me try a response to your qustion and precursor it with my assumptions about your environment.

I am assuming that you are currently in an Active Directory (AD) environment and that your users are local administrators of their own machines once logged into their domain account. My next guess is that you have a local administrator account on each machine and this is the one you are interested in watching.

To the best of my knowledge there is no way to do this through AD. The local account on the machine is separate from your AD is resides only on the local installation. The only way that I know of that you could be notified of a change is if you have some kind of additional log monitor. This could alert you to password changes (event id 628) or attempted(failed) changes (event id 627). You might also want to look for account created/deleted events in your logs as well.

Depending on the size of your environment and number fo your staff I would not say it's unreasonable or impossible to set administrative BIOS passwords on all of the machines. This can go a decent way to protecting machines from being booted from a CD. It of course will not stop a determined attacker that's in front of the box.

Hope this helps.. just post back if you have more questions.

Steven

----- Original Message ----- From: "Mohamed Abdel Kader" <mak.pen@xxxxxxxxx>
To: <pen-test@xxxxxxxxxxxxxxxxx>
Sent: Thursday, June 01, 2006 4:58 AM
Subject: Local Admin

Hello List,

I was wondering if their is a way to monitor if someone changed the local

Administrator, on his/her computer, through an active directory, and how can

This be prevented in large organizations. It is not practical to change the

Bios password on all of the computer and the boot order and lock the

Machines; at least in this case.



Thanks all...



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: Local Admin
    • From: Billy Beaudoin
  • RE: Local Admin
    • From: Vladan Todorovic

• References:
  • Local Admin
    • From: Mohamed Abdel Kader

• Prev by Date: RE: Wireless PenTesters Hardware
• Next by Date: Re: HTTPS proxy tool that resigns SSL certs
• Previous by thread: Local Admin
• Next by thread: RE: Local Admin
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Nmap scanning speed ... Don't ping to check the machines state and have nmap do fast parallel scans, ... Concerned about Web Application Security? ... Download FREE whitepaper on how a managed service can ... (Pen-Test) Re: Is sentience an emergent brain behavior? ... I can give examples of learning machines that can change their ... not the environment. ... defective understanding of behaviorism that there's no point taking you ... behaviors without opening up the internals of a chess program I would ... (comp.ai.philosophy) Re: A critique of test-first... ... > network, by parallel I mean multiple CPUs in the same nest). ... > a controlled environment which can be exactly characterized for MTBF, ... > may be hardware on the links which are not under your control. ... > be interesting to hear how they spec'd the machines and network to get ... (comp.programming) Re: A critique of test-first... ... network, by parallel I mean multiple CPUs in the same nest). ... In a distributed environment the environment is much less fixed. ... may be hardware on the links which are not under your control. ... be interesting to hear how they spec'd the machines and network to get ... (comp.programming) Re: Alternative tof Microsoft Windows vis a vis Lisp ... >> The Lisp machines of years ago provided an integrated operating ... >> environment and the kind of user interface many of whose features are ... >> to design and maintain - but we are now 20 years in the future. ... >> So any attitudes which abjures the importance of these Lisp machines, ... (comp.lang.lisp)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)