RE: Local Administrator Rights

From: Andrew Jones (Andrew.Jones@meggitt.demon.co.uk)
Date: 02/11/02 

From: Andrew Jones <Andrew.Jones@meggitt.demon.co.uk>
To: 'Dave Bujaucius' <bujauciusd@gliatech.com>, security-basics@securityfocus.com, focus-ms@securityfocus.com
Date: Mon, 11 Feb 2002 08:19:28 -0000

What about running L0Phtcrack on the Backup SAM from the machine,

Domain Admin does not Automatically have access to Local Admin, as you have
found out.
What about the user that removed Domain Admin, is HE in the Local Admin
group, if so, change his password and log on as him.

To downsize the Admin rights makes me think he was a bit paranoid about the
Admins snooping about on his comp - possibly up to no good?

But, if L0phtcrack or another SAM tool does not work then find them thar
installation discs.,

HTH

Andrew

> -----Original Message-----
> From: Dave Bujaucius [SMTP:bujauciusd@gliatech.com]
> Sent: 08 February 2002 20:47
> To: security-basics@securityfocus.com; focus-ms@securityfocus.com
> Subject: Local Administrator Rights
>
> I thought the domain administrator logging in on a Windows 2000 machine
> automatically was granted local administrator rights. Someone who
> doesn't work here anymore removed domain admin privilege from the local
> admin group on several W2K workstations. The only member of the local
> admins is now the local administrator. For some reason they made the
> domain admin a member of the local power users group. I don't have the
> local admin passwords on these machines, they could be anything. I
> cannot uninstall or install applications from these workstations.
> Anyone know of a way for a domain admin to force their way into the
> local admin group? The alternative is to reinstall 2000.
>
> Thanks,
> Dave

Relevant Pages

  • RE: software to control domain administrators
    ... these so-called controls on the admin. ... what would you do when you need that level of control. ... admin changed the domain admin password when he or she found out that they ... software to control domain administrators ...
    (Security-Basics)
  • Re: Finding a Hacker
    ... compromising the loca or domain admin acocunts, or by elevation, ... to get local admin rights on the machine used by the domain admin, ... If the hacker did get in remotely using an administrator account on ... Your problem is not restricting remote desktop connections. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Security Filtering does not work correctly in GPO
    ... administrator object for this GPO. ... I deleted the domain admin profile on the ... where the domain admin was logged on. ... I will now keep track on it, if the administrator receices the settings again. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Local Administrator Rights
    ... > Subject: Local Administrator Rights ... > doesn't work here anymore removed domain admin ... > admin group on several W2K workstations. ...
    (Security-Basics)
  • Re: how to make a user local admin in domain?
    ... > normal user a domain admin in order to give him just local admin??? ... >> Actually, so long as the Dom Admin has previously logged on before, ... Dom Admins are a member of local admins by default. ...
    (microsoft.public.win2000.security)
Quantcast