Re: Network Cable Disconnection and Elevated Access
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Sep 2006 22:44:58 -0500
Regular domain users do not have effective write access to the sysvol share.
I would be sure to check their group membership for the domain and
membership of administrators, domain admins, and enterprise admins for the
domain or they know the credentials for a domain administrator. This is
often possible by capturing logon credentials on a domain computer via
software or hardware keyboard loggers and is why domain administrators
should never be allowed to logon to a regular domain workstation. I would
also be sure to force all domain level administrators to change their
passwords ASAP.
Steve
"Lokiarmos" <2198234981234810834@Localhost> wrote in message
news:4F0D4037-3FBA-4D22-899F-6FFB7BD52E9A@xxxxxxxxxxxxxxxx
We have discovered in my workplace (A School) that they students are
unplugging
the network cables as the students log on, this prevents the GP from been
applied.
This then allows them the browse the network, although they can only see
visable shares which are not many but what did surprise me was that they
could get access to the sysvol and where able not only to write to it but
change permissions.
This in turned stuffed up sysvol and forced me to do a authorative restore
on it.
Now the questions i have are
1. Whom or to what level are they been authenticated as
2. How can i prevent them from logging on if the GPOs are not
applied.
3. And how do i do it in the way that won't affect the other users
(teachers) who use the machine.
.
- Prev by Date: Digital Signature and Private Key
- Next by Date: Re: TweakUI and Security
- Previous by thread: Re: Network Cable Disconnection and Elevated Access
- Next by thread: Re: HELP - *SPAM*
- Index(es):
