Local Admins group members systematically disappear

From: Boris (boris@ccsgs.com)
Date: 01/10/03


From: "Boris" <boris@ccsgs.com>
Date: Thu, 9 Jan 2003 22:18:38 -0800

I have to admit, I am at a loss here...

A Windows XP Pro system is part of a W2K domain.
I would manually add Domain Admins and certain domain user
accounts to the local Administrators group only to find out
that they are no longer there after a while...

Enabling Account Management auditing reveals that at
random times, something that assumes the LOCAL SYSTEM security
context systematically removes everything but the local
Administrator account from the Administrators group.

Used tlist -s to check for suspicious services.
Checked the registry.
Found no illegitimate stuff.

Suspect some kind of a trojan, but can't prove.

All ideas are appreciated.

Thanks
Boris