Re: Non-administrator has full admin rights !!!

From: Lo Tang (lo_tang@bellsouth.net)
Date: 04/24/02


From: Lo Tang <lo_tang@bellsouth.net>
Date: Wed, 24 Apr 2002 17:27:29 -0400

Chris wrote:
> I have an NT4 domain-based network with some Win2K servers added as
> well as Win2KPro client workstations. I have locked down security on
> the root directories of each server to only Administrator and/or
> Domain Administrator. Any attempt to access \\servername\c$ on any
> server from a client workstation produces an authorization prompt (as
> expected).
>
> Here is my problem: I have recently purchased a new workstation and
> installed a fresh Win2KPro setup plus various company applications. I
> have not yet joined the domain (WORKGROUP member). However, while
> logged in as local administrator on this machine, I can access any
> Win2K system (server or client) thru \\servername\c$ with FULL ACCESS
> PERMISSIONS!! This should not happen...I should be prompted to
> authenticate as above.
>
> NOTE: I do get a prompt if I try to access any of the NT4 servers (??)
>
> I checked and rechecked my permissions on the servers. I then tested
> client access to \\servername\c$. I get authorization prompt...good!
> I then tested from a test machine (domain member, logged in as local
> administrator). I get authorization prompt...good! Finally, I
> removed the test machine from the domain (WORKGROUP member) and tried
> again. I still get prompted...good!
>
> So can anyone explain this (or duplicate it)? Anything I should
> recheck or look out for?
>
> Thanks in advance!
>
> ...
> Chris

Microsoft security sucks! I've used this technique to get access to
client's systems when they've been locked out, or otherwise boogered...


