Re: WINDOWS 2000 SECURITY HOLE

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 01/28/05

• Next message: Paul McGuire: "Terminal Services Security"
• Previous message: Kerodo: "IPSEC"
• In reply to: IT_OPS: "WINDOWS 2000 SECURITY HOLE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 27 Jan 2005 18:17:16 -0600

More than likely that user was using "stored credentials" that used admin
credentials for some reason. It makes absolutely no sense that the same user
has different access when logged onto different computers otherwise. What
you should do is have that user connect from the problem computer again and
then use Computer Management/shared folders/sessions to see exactly how that
user is connected to the server. It may be a different user that what he
logs onto the computer. You could also enable auditing of logon events in
Domain Controller Security Policy and look in the security log to see how
that user is authenticated to the server. -- Steve

"IT_OPS" <IT_OPS@discussions.microsoft.com> wrote in message
news:2998D2C0-34F4-47EA-ADE4-4F3983464A5E@microsoft.com...
>I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS
>DOMAIN
> AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
> WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
> ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO
> EVERYHTING.SAME
> USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
> NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
> SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
> HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING
> IS
> NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
> SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
> NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.

• Next message: Paul McGuire: "Terminal Services Security"
• Previous message: Kerodo: "IPSEC"
• In reply to: IT_OPS: "WINDOWS 2000 SECURITY HOLE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: New to SMS - have a Collections question. ... local admin of both the SMS server and the server the database is on. ... However this is a security problem. ... Access to objects is based on Security Rights (if you scroll down the ... (microsoft.public.sms.admin) Re: Secure host newbie - fun - humm ... decision, as the admin, whether or not to take down the server. ... Listen, as a security specialist, I *know* that every single box that I, ... some level of risk and that there is no "100% I'm secure" level. ... (Security-Basics) Re: Cant delete users in SharePoint ... Thanks for the info. I'm an admin, but the actual server is sitting ... "Manage Security" screen. ... They still show up in SharePoint. ... (microsoft.public.sharepoint.portalserver) Re: Cant delete users in SharePoint ... You have to be an admin on the server or be the site collection administrator to see the siteusrs.aspx screen. ... "Manage Security" screen. ... (microsoft.public.sharepoint.portalserver) Re: Distribution Point on Windows 2003 DC ... better security practice would be to add it to the Administrators ... local group on the DC. ... that is still better than making it an admin to every computer in the ... >> Make sure to reboot the site server after adding it to the group. ... (microsoft.public.sms.admin)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint