Re: Netowrk Admin. Breach
- From: "Al Dunbar" <AlanDrub@xxxxxxxxxxxxxxxxxxx>
- Date: Sat, 7 Jun 2008 10:15:44 -0600
I don't like harping on this, but here's another really good example of why
the use of administrator accounts (domain and local) should be restricted as
much as possible. Anyone needing to logon as a domain admin or a server
admin should be provided with their own privileged domain account that is
made a member of the corresponding "administrators" group(s). Administrators
should generally know the passwords of only the personal accounts assigned
to them; when they leave, you then just have to disable their accounts to
keep them from gaining unauthorized access.
/Al
"Anthony [MVP]" <anthony@xxxxxxxxxxxx> wrote in message
news:eNabjTGyIHA.4376@xxxxxxxxxxxxxxxxxxxxxxx
I don't really want to discuss how to do it, but it is easily done,
Anthony,
http://www.airdesk.co.uk
<chadpendergrass@xxxxxxxxx> wrote in message
news:0460e10d-9d38-4c89-be1a-3305ce7f2fc5@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 6, 1:49 pm, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:
Yes he could, if other domain admins were using it,
Anthony, http://www.airdesk.co.uk
<chadpendergr...@xxxxxxxxx> wrote in message
news:88b63b99-0760-4ea7-b6d3-cdb10b130c8a@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 5, 1:48 pm, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:
I'm afraid that's a bit too open ended to answer. What symptoms are you
seeing?
Anthony,http://www.airdesk.co.uk
<chadpendergr...@xxxxxxxxx> wrote in message
news:a74666b0-4e23-4b4c-94ea-34161f7be95a@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 5, 4:23 am, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:
Yes they could.
I would change it, and also check the logs to see what accounts have
logged
on recently,
Anthony,http://www.airdesk.co.uk
<chadpendergr...@xxxxxxxxx> wrote in message
news:2926a203-882d-40a3-a6fe-a0f9877d76b9@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello all, a few weeks ago we had to fire the current network
administrator. We changed all the domain passwords, but here's what
I'm worried about....
We didn't change the local administrator password on the Terminal
Server. The old network admin. can still login using these
credentials, but since the domain password has been changed what
harm
could that do? I will be changing the local admin. password as
well,
but was wondering if anyone could do damage to the domain this way.
Any ideas?- Hide quoted text -
- Show quoted text -
Do you have any idea what they could possibly do? I already chaged it,
but I'm wondering if the odd behavior we've been seeing is caused by
him logging on before it was changed.- Hide quoted text -
- Show quoted text -
I see some services disabled. Nothing critical, but it's enough to
cause some annoyances. Could he get the domain admin password from
that server?- Hide quoted text -
- Show quoted text -
I'm sorry. I don't understand. If he knew the local admin. account,
but nothing on the domain then how could he cause damage domain wide?
On that particular system I could understand. But on the rest of the
network???
.
- References:
- Netowrk Admin. Breach
- From: chadpendergrass
- Re: Netowrk Admin. Breach
- From: Anthony [MVP]
- Re: Netowrk Admin. Breach
- From: chadpendergrass
- Re: Netowrk Admin. Breach
- From: Anthony [MVP]
- Re: Netowrk Admin. Breach
- From: chadpendergrass
- Re: Netowrk Admin. Breach
- From: Anthony [MVP]
- Re: Netowrk Admin. Breach
- From: chadpendergrass
- Re: Netowrk Admin. Breach
- From: Anthony [MVP]
- Netowrk Admin. Breach
- Prev by Date: Re: Netowrk Admin. Breach
- Next by Date: Re: Netowrk Admin. Breach
- Previous by thread: Re: Netowrk Admin. Breach
- Next by thread: Re: Netowrk Admin. Breach
- Index(es):
Relevant Pages
|
