Re: Granting Admin rights to non administrators

From: times enemy (timesenemy_at_gmail.com)
Date: 02/04/05


Date: 4 Feb 2005 11:58:09 -0800

greetings.

i must agree, that you should CYA as much as possible here, and that
you should verify that your resume is up-to-date, and then use it to
perhaps find a better work environment.

Some other suggestions:

* Ensure that the backups are running clean and with 100% integrity.

* Review logs to see where tinkerbell wanders off into. If you do not
have such logging in place, then there's another project to add to the
list, for total network security of course.

* If you are paranoid that tinkerbell is just an accident waiting to
happen, then lock his account out of system critical areas. From the
description you gave, it does not seem as though he will be able to
circumvent even the simplest security mechanisms. Also, this ties in
with the logging ... if you find he is intentionally trying to get to
such areas, where he most likely has no right to even know they exist,
then the logs could come in handy.

* If you are curious ... setup a honeypot/net on the network.

* You said he has attempted to gain network admin access since day one.
 If you mean just politically that is one thing. If you mean by
attacking the network, that is an entirely different matter. If
anyone, apart from an authorized pen-tester or such, hits the network,
that should, amongst other things, shortly follow-up with some HR
and/or Legal counselling.

* Pray for an out.

I sure do not envy your situation. Good luck!

~ ciao
.te



Relevant Pages

  • Re: Checking Outbound Exchange Email
    ... The reason being is I have a client computer generating what possibly could be spam mail and I want to identify which computer is generating so many email messages. ... Next, what is the network topology, are you using one NIC or two in the SBS? ... My other usual recommendation is to enable logging on your Internet router, if it can do that, and to look for the feature in future purchases if it can't. ...
    (microsoft.public.windows.server.sbs)
  • RE: web monitoring tool
    ... The may get malware into your network ... >>firewall to allow the traffic through, but without logging. ... > 30-days of free technical support. ...
    (Security-Basics)
  • Re: Stange access problem
    ... Logging in to the domain. ... The guy's not logging in properly so all network ... account, the internet, or any other server resource, even after logging ... it asks for his username and password. ...
    (microsoft.public.backoffice.smallbiz)
  • Re: Who opens my file?
    ... file path or where I can find other logging options? ... Dim FileNum As Integer ... of your app will be running on a network, and if there is a spot on ... Below is a sample where logging and the location of the log ...
    (microsoft.public.excel.programming)
  • Re: Abosolute beginners questions
    ... In fact one of the more popular questions is how to _prevent_ ... controller for a small school network. ... Does WS2003 allow for logging in from multiple locations with the same ID, ... Everything we have read re the installion and configuration ...
    (microsoft.public.windows.server.networking)