Re: Faking administrators accounts?

From: Jeff Cochran (jcochran)
Date: 06/05/02


From: jcochran at naplesgov dot com (Jeff Cochran)
Date: Wed, 05 Jun 2002 12:37:08 GMT


On Tue, 4 Jun 2002 23:58:54 +0200, "David Cur."
<davidcurtis20@hotmail.com> wrote:

>I was told it'll be great to fake some "admin" users as yet another security
>step.
>those fake users should get "no rights" - what do this mean? to make them
>and mark
>them as disabled? not to put them as a member in any group?

The administrator account is given no rights and removed from all
groups. In addition, you give it a long, unintelligble password with
uppercase, lowercase, numbers and symbols. Then you set auditing on
the account, and monitor it for attempted intrusions.

Make sure you give other accounts all the admin rights first. :)

Jeff



Relevant Pages

  • Re: Checking User Status
    ... their domain account may be in the local admin group. ... rights without doing that query? ... You pass the AdsPath of the prospective member ...
    (microsoft.public.scripting.vbscript)
  • Re: Prevent changes to Administrator password
    ... What I am trying to do is give Taz1972 some options to minimize the risk or make it harder for a lower-level DA to reset the password for the EA account. ... * This posting is provided "AS IS" with no warranties and confers no rights! ... > By adding the Deny Write Permissions ACE, ... > permission to modify the ACL on AdminSDHolder. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2003 Users vs Software
    ... You need to have both an admin and a limited account ... >> as a limited user, to effect, "the software has not been installed ... The users do not have rights to install programs. ...
    (microsoft.public.security)
  • Re: Incoming E-Mail - cant create contact in OU
    ... already have the application pool delegated rights to the OU. ... In my experience it is because you didn't quite delegate enough rights to ... the account in the OU. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Incoming E-Mail - cant create contact in OU
    ... Go to the OU in security/advanced I added my sharepoint application pool ... that account a little (if the web app is compromised or something, ... Now I understand that you have given the account "full rights" of the OU, ... So I started with giving the app pool account domain admins permissions then ...
    (microsoft.public.sharepoint.windowsservices)