Re: Windows 2003 remote admin access



Then I would look at the web content, as I tried to say before, at
least if the content area is IIS enabled as an application (i.e. supports
asp, asp.net) or if any areas are enabled for scripting (i.e. granted
execute, such as for cgi). Consider, if any area is made to allow
non-anonymous browsing, then that area when browsed will have
access done in context of the authenticated browsing account (i.e.
the person's admin account) so any code posted to the content
area could be made to run with that account. Similarly, if the
authoring is being done with use of the FrontPage server extensions,
or if FTP is configured with excess dirs, then once authenticated to
author with these as an admin account the authoring would only
be limited to areas defined as vdirs in IIS and/or FTP. If you
are finding changes at other locations, or changes to machine
config settings (new accounts, service properties changes, etc.)
then I would examine the content of web script and/or application
areas (assuming your statements about dcom over http, ports
allowed, rdp not allowed are all correct).

"John Collins" <jc1998@xxxxxxxxx> wrote in message
news:e82m6l$g02$1@xxxxxxxxxxxxxxxxxxxxxx
Hello Roger,

The server sits behind a hardware firewall which is only allowing those
particular ports inbound so access on any other ports shouldn't be
possible. The user does have HTTP and FTP web authoring access but this
should (as I understand it) only be for the areas defined in IIS under the
website and FTP sites? DCOM proxying certainly hasn't been enabled
manually by myself. I'm assuming that this wouldn't be enabled by default?
How can I check to see if it is enabled and if so how can this be used to
gain access?

Many thanks,
John

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:Oi%239fQ%23mGHA.3544@xxxxxxxxxxxxxxxxxxxxxxx
Are they allowed to author web content? Particularly if it is in
an IIS defined application area?
Has DCOM proxying over HTTP been enabled?
How are you certain that there are no other allowed ports?


"John Collins" <jc1998@xxxxxxxxx> wrote in message
news:e80ucu$d86$1@xxxxxxxxxxxxxxxxxxxxxx
Hello,

I have a query which is only apparent due to politics in the work place.
On a technical level I can quite easily stop this issue but am intrigued
as to how this can be happening?

One of our Windows 2003 servers is being accessed by a user who does
have an administrator account, but does not have local access to the
server. From outside the local network the only permitted inbound access
is for HTTP, HTTPS, SMTP and FTP, all using the standard ports. There
is no remote access software installed, e.g. Remote Desktop, NetOp etc.
How can it be possible for files to be added / removed, permissions
changed etc on this server via these protocols? (Obviously the user can
interact with the services that are provided, but things are changing
outside of these locations).

Any ideas at all, anyone?

Thanks,
John
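
An audit sketch for the check suggested in the top reply, added here as an example and not part of the thread: it lists web paths that are script- or execute-enabled and do not allow anonymous access, so requests there are handled under the authenticated account. It assumes the IIS 6 MetaBase.xml layout with `AccessFlags` and `AuthFlags` attributes that child paths inherit from their parents; the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt in the style of an IIS 6 MetaBase.xml (not data from the thread).
SAMPLE = r'''<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsWebService Location="/LM/W3SVC" AccessFlags="AccessRead" AuthFlags="AuthAnonymous | AuthNTLM"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" AccessFlags="AccessRead | AccessScript" Path="c:\inetpub\wwwroot"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/admin" AuthFlags="AuthNTLM" Path="d:\sites\admin"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/cgi" AccessFlags="AccessRead | AccessExecute" Path="d:\sites\cgi"/>
<IIsWebDirectory Location="/LM/W3SVC/1/ROOT/admin/static" AccessFlags="AccessRead"/>
</MBProperty>
</configuration>'''

def load_nodes(xml_text):
    """Map upper-cased metabase path -> (original path, attributes)."""
    nodes = {}
    for el in ET.fromstring(xml_text).iter():
        loc = el.get("Location")
        if loc:
            nodes[loc.upper()] = (loc, el.attrib)
    return nodes

def effective(nodes, loc, prop):
    """Resolve a flag property, inheriting from the nearest parent that sets it."""
    parts = loc.upper().split("/")
    while len(parts) > 1:
        entry = nodes.get("/".join(parts))
        if entry and prop in entry[1]:
            return {f.strip() for f in entry[1][prop].split("|") if f.strip()}
        parts.pop()
    return set()

def audit(xml_text):
    """Return script/execute-enabled web paths where anonymous access is off."""
    nodes = load_nodes(xml_text)
    hits = []
    for key, (loc, _) in sorted(nodes.items()):
        if "/ROOT" not in key:
            continue  # only content nodes under a site root
        access = effective(nodes, loc, "AccessFlags")
        auth = effective(nodes, loc, "AuthFlags")
        runs_code = bool(access & {"AccessScript", "AccessExecute"})
        if runs_code and auth and "AuthAnonymous" not in auth:
            hits.append(loc)
    return hits

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("review scripts under:", path)
```

Each path it reports is a place to review posted script files and their modification times against the unexplained changes on the server.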






