Re: domain admin account impersontating
- From: "Pedro Leite" <aa>
- Date: Tue, 7 Nov 2006 10:04:28 -0000
good morning
thank you for the information.
so, can we say that is " by design " ?? it happens because it does. ( not
flaming, just trying to make things clear )
does this happens only on admin accounts ? can i create an user on the off
domain pc and logo to the shares with the user's domain password ?? this
kind of breaks the concept of windows domains doesn't it ??
apart from the obvious of having the domain admin account " on the loose ",
are thre any other security issues that i should be on the lookout for ??
and before someone says it, i fully agree that having the local admin user
equal to the domain admin is a cumbersome error. a malpractice that i must
correct.
thank you
PLeite
-------------------------------------------------------------------
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> escreveu na mensagem
news:%23cqF1faAHHA.4592@xxxxxxxxxxxxxxxxxxxxxxx
Windows has done this for a very long time.and
If you have two accounts, in separate authentication realms, and those
accounts have the same name and password, then while using one of
them it is possible to access resources in the other realm by means of
the other account. This happens "transparently" with a login behind
the scenes when an access attempt is made. It is not a matter of the
accounts having the same SID (which they do not) but that one can
log in as the other by presenting its own credentials since they match.
"Pedro Leite" <aa> wrote in message
news:%23eBIMYaAHHA.4592@xxxxxxxxxxxxxxxxxxxxxxx
good afternoon
can anyone explain this behaviour ?? as described
setup is sbs 2k3
recently added a new pc to the network and to the domain for updates and
application deployment.
so, i named the pc admin account the same as the domain admin account
samegave it the same password.
now, the new pc is off the domain but the admin account is still the
overwith the same domain admin password.
whenever i log to the pc with the admin account, i have full control
accountthe domain machines, c$ share, all users document folders, all shares,
direct internet acces through the firewall...
questions, is the domain admin sid the same as a local admin sid's
--?? the authentication being made with a blend of username and password,
all
mixed up, hashed whatever and then sent to validation ??
isn't the domain admin account user equal to domainname\admin and the
local
admin, machinename\admin ??
for my knowledge please comment on the above
thank you
Pedro Leite
--------------------------------------------------------------------------
---
.
- Follow-Ups:
- Re: domain admin account impersontating
- From: Roger Abell [MVP]
- Re: domain admin account impersontating
- References:
- domain admin account impersontating
- From: Pedro Leite
- Re: domain admin account impersontating
- From: Roger Abell [MVP]
- domain admin account impersontating
- Prev by Date: Re: Basic IPSec question.
- Next by Date: GPO for trusted root CA certs
- Previous by thread: Re: domain admin account impersontating
- Next by thread: Re: domain admin account impersontating
- Index(es):
Relevant Pages
|
