Re: domain admin account impersontating

---

• From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
• Date: Mon, 6 Nov 2006 06:32:12 -0700

---

Windows has done this for a very long time.
If you have two accounts, in separate authentication realms, and those
accounts have the same name and password, then while using one of
them it is possible to access resources in the other realm by means of
the other account. This happens "transparently" with a login behind
the scenes when an access attempt is made. It is not a matter of the
accounts having the same SID (which they do not) but that one can
log in as the other by presenting its own credentials since they match.


"Pedro Leite" <aa> wrote in message
news:%23eBIMYaAHHA.4592@xxxxxxxxxxxxxxxxxxxxxxx

good afternoon

can anyone explain this behaviour ?? as described
setup is sbs 2k3

recently added a new pc to the network and to the domain for updates and
application deployment.
so, i named the pc admin account the same as the domain admin account and
gave it the same password.
now, the new pc is off the domain but the admin account is still the same
with the same domain admin password.

whenever i log to the pc with the admin account, i have full control over
the domain machines, c$ share, all users document folders, all shares,
direct internet acces through the firewall...

questions, is the domain admin sid the same as a local admin sid's account
?? the authentication being made with a blend of username and password,
all
mixed up, hashed whatever and then sent to validation ??

isn't the domain admin account user equal to domainname\admin and the
local
admin, machinename\admin ??

for my knowledge please comment on the above

thank you

Pedro Leite
----------------------------------------------------------------------------
---

.

---

• Follow-Ups:
  • Re: domain admin account impersontating
    • From: Pedro Leite

• References:
  • domain admin account impersontating
    • From: Pedro Leite

• Prev by Date: domain admin account impersontating
• Next by Date: Re: Basic IPSec question.
• Previous by thread: domain admin account impersontating
• Next by thread: Re: domain admin account impersontating
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: domain admin account impersontating ... i guees that the bottom line is that the domain admin account can be ... with the same username and password. ... Starting with Windows XP this became less simple, ... (microsoft.public.windows.server.security) Re: Domain Administrator Locked ... Power Your Active Directory Investment ... be able to unlock the Domain Admin's account that way. ... account in the domain with domain admin access ?Well, there is a local admin account (aka Directory Services Restore Mode ... (microsoft.public.windows.server.general) Re: Virus is getting domain account listing ... In 2003 you can change the process ID of the admin account. ... Play with the net user command at your command prompt and see what ... dictionary attack against every single account could happen. ... (Focus-Microsoft) Re: How to restore Admin account?? ... Remote Operator group from Administrator User. ... SBS 2003 by default don't allow the Admin account to logon through TS? ... "Frank McCallister SBS MVP" wrote: ... (microsoft.public.windows.server.sbs) Re: Having two Administrators ... "Administrator" (accessible through safe mode in XP home ... I noticed that in control panel user accounts ... >> they do in the Admin account I get to though normal ... (microsoft.public.windowsxp.basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2006-11