Power user privilege question . .

From: Grey Ash (ccarmadillo_at_hotmail.com)
Date: 07/28/03

• Next message: Pankaj Dang: "Some Security Issue"
• Previous message: Miha Pihler: "Re: EFS and Smart Card"
• Next in thread: Steven L Umbach: "Re: Power user privilege question . ."
• Reply: Steven L Umbach: "Re: Power user privilege question . ."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 28 Jul 2003 00:59:43 -0700

Hi all. I have a small home network of a few computers for
my family. I was wondering if there is a
hack/virus/trojan/ other bad automated way for someone to
elevate a power user to administrator privileges. My
younger brother managed to take a power user account and
raise it up to administrator levels. I'm quite sure he
didn't do it deliberately. And this makes me believe that
he installed something off the web accidentally by
clicking 'yes' when he should have clicked 'no' or opened
an email that he shouldn't have maybe with a script or
something attached. I really am not sure but I'm confident
he didn't go through the steps to hack his account. Oh, I
should also add that even though I demoted the account in
question to user level, it still retains admin privileges.
And also some of the local security policies were changed
("Enforce password history", "Disable task
manager", "Disable lock computer", and a few more)
Now, I read that one can do this sort of administrative
privilege thing with a bug in NAV Corp. Ed. but I actually
(yes, quite boneheaded of me, I know) forgot to install it
on that particular machine. Can anyone else think of other
ways to do this that would also make changes to the group
policies? (Ah yes, I should also mention that I failed to
update any security patches after SP2 thinking our
firewall would save us.) TIA . .

---

• Next message: Pankaj Dang: "Some Security Issue"
• Previous message: Miha Pihler: "Re: EFS and Smart Card"
• Next in thread: Steven L Umbach: "Re: Power user privilege question . ."
• Reply: Steven L Umbach: "Re: Power user privilege question . ."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Limiting rights to a second administrator account ... IMHO there is no way to reliably limit any Administrator ... equivalent account. ... If these computers all log into a network server somewhere such as a Windows ... My main concern would be protecting the admin account password and limiting ... (microsoft.public.win2000.security) Re: Please read and respond ... Can anyone explain to me why a NEW account that has 'Administrator' privileges not be able to view videos in IE7 the same as the Administrator account? ... (microsoft.public.windowsxp.general) Re: Leopard Console query ... privileges actually work combined with the fact that you've deleted ... shouldn't be using an administrator account for day-to-day tasks. ... A new user account sheet appears. ... (comp.sys.mac.system) Re: locking XP from the little brats ... XP Home computers that are part of workgroup. ... They do not have enough money for full time administrator ... I added a guest account, the onlyway they can login is ... is the BIOS password protected? ... (microsoft.public.windowsxp.general) Re: locking XP from the little brats ... I added a guest account, the onlyway they can login is thrue the guest ... administrator accounts are locked with password changed ... whoever made the decision to order computers with XP Home ... is the BIOS password protected? ... (microsoft.public.windowsxp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)