Re: admin shares and security

"Antti" <ab@xxxxx> wrote in message
news:%23Wa6ESfPGHA.648@xxxxxxxxxxxxxxxxxxxxxxx
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:Op70wsGPGHA.420@xxxxxxxxxxxxxxxxxxxxxxx
Some remote management tools use the admin shares.
If you are auditing login attempts you should be seeing logon
events of type 3 being recorded, success or failure, for the
network login attempts.

"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eu3lLVNPGHA.2796@xxxxxxxxxxxxxxxxxxxxxxx
If the lockout policy is configured on the computer that has the share or
if the computer is a domain computer and the domain policy has lockout
enabled then it should also apply to network logons. If you enforce
strong passwords then you can rethink using account lockout which can
lead to denial of service attack against uses. FYI if some user gains
administrator access then having administrator shares will be among the
least of your orries. --- Steve


You are both right. I tried to connect (with wrong password) to an admin
share of a server I was already connected to with another username. I
guess for this reason it didn't succeed and there was absolutely nothing
in security log. I tested another server's shares - and yes - I was able
to lock out the (server's local) admin account and events were logged.
Thanks.

Antti


Makes sense.
If you start a new session to a server to which the login is
already connected the new session will use the existing
connection (and its credentials). Hence no failure.
If you attempt explicit mapping with use of different set
of credentials you should get a pop up saying you are
already connected to server with different credentials.
As it does not speak with server, no failure logged there.



.

Relevant Pages

  • Windows 2003 SP1 - Many problems on ISA 2000 server
    ... On one server, Microsoft Firewall failed to start with Event 11011: ... Network Address Translation because the system call PNATInit failed. ... Use the source location 308.1151.3.0.1200.365 to report the failure. ... This failure may be due to the Internet Connection Firewall ...
    (microsoft.public.isa.configuration)
  • Re: Newbie questions about trusted connections
    ... The drop downs don't necessarily show every available server - they ... >> A trusted connection uses Windows Authentication. ... >> user is authenticated based on their network login. ... You just tell the connection to use Windows ...
    (microsoft.public.sqlserver.server)
  • Re: 1st login always fails, 2nd always ok
    ... no errors in any event logs for either the server or the PCs trying to ... connectivity no longer works properly - it breaks the RDP connection ... momentarily when I try to copy files between local & remote drives. ... delay between hitting Ctrl-Alt-Del and the login window appearing? ...
    (microsoft.public.windows.terminal_services)
  • Re: VB6 Login Form to SQL Server
    ... Thank you -- I'll add to last login and last database to registry and ... pre-fill textbox each time Login form is displayed. ... > Attempting to open a connection without knowing with certainty that the ... It may seem adequate responsive once the server is ...
    (microsoft.public.vb.database)
  • Re: VB6 Login Form to SQL Server
    ... Thank you -- I'll add to last login and last database to registry and ... pre-fill textbox each time Login form is displayed. ... > Attempting to open a connection without knowing with certainty that the ... It may seem adequate responsive once the server is ...
    (microsoft.public.vb.database.ado)