Auditing a Domain from a Guest Account

From: REader (nextread@nntp.com)
Date: 03/28/02

• Next message: Bruce Bradbury \(remove XXX\): "Re: Bypass Traverse Checking not working"
• Previous message: r_brummel_out_@att.net: "Re: Can't Log In! Please Help!"
• Next in thread: Eric Fitzgerald [MSFT]: "Re: Auditing a Domain from a Guest Account"
• Reply: Eric Fitzgerald [MSFT]: "Re: Auditing a Domain from a Guest Account"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "REader" <nextread@nntp.com>
Date: Thu, 28 Mar 2002 03:50:57 GMT

O.K. This question is definitely going to get me flamed (and as an MCSE, I
deserve it), but here it is:

I've been assigned a project auditing someone else's domain; the client
wants a simple user map listing the local/global users and groups, who and
what is a member of each, and NTFS permissions and shares. Pretty tame
stuff. There are only six servers: a PDC, three BDC's (don't ask), and two
member. Normally, I'd just use an off-the-shelf utility like Bindview or
Ecora to whip through the system and print out a nice map in Visio. I hate
sitting at consoles....

Here's the rub: the client insists that I sit at an NT4 Workstation, or
perhaps a Server console using an account with AT MOST domain guest and/or
domain user access, and browse through User Manager for Domains and Server
Manager and build the map by hand. She MIGHT allow the software, provided
the account it uses an account with only user/guest access.

I say it ain't gonna happen. I've been managing NT3x/4/Win2K over a period
of seven years, and am asking for a second opinion, lest I really am losing
my mind. Am I nuts for even entertaining the notion that a guest account
will allow me to browse objects and create maps? Is there something she
knows, that I do not?

Serious Responses/Flames only, Please

---

• Next message: Bruce Bradbury \(remove XXX\): "Re: Bypass Traverse Checking not working"
• Previous message: r_brummel_out_@att.net: "Re: Can't Log In! Please Help!"
• Next in thread: Eric Fitzgerald [MSFT]: "Re: Auditing a Domain from a Guest Account"
• Reply: Eric Fitzgerald [MSFT]: "Re: Auditing a Domain from a Guest Account"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Determining password expiration ... I did not realize that an account still works with an expired password. ... > session was somehow changed at the expiration time. ... >> Looking up a domain server then calling that server for info is quite ... > When you don't have an entry in the map, ... (microsoft.public.win32.programmer.kernel) Re: Novell/Windows 2003 PW Syncing problem ... UNC drive mapping to map a shared folder on the Win2003 server, ... It maps the folder using Bob's windows password. ... IE Bob's account on his own pc is mirrored by an account on the Win2003 ... (comp.os.netware.misc) Re: how to create a local share on local computer ... I use the same login account. ... And both methods work if I map the share from another computer in the domain. ... inside the network has the server as the DNS. ... and a CNAME record intranet pointing to services.vescore.com ... (microsoft.public.windows.server.networking) Re: backup question ... I was concerned that if I map the ... drive under my account it would not exist under the context of the scheduled ... > What you can do is map a network drive on your server, ... >> server so the backup goes directly to another server? ... (microsoft.public.sqlserver.server) RE: Retrieving NT 4 Administrator password ... Retrieving NT 4 Administrator password ... > on the server, and apparently no one remembers the Administrator account ... > all they managed to do was lock themselves out of the account). ... until screensaver pops in and start your user manager to change the ... (Focus-Microsoft)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)