Posted by James Pang on August 12, 2005, 8:34 am
--
Tech Servant James Pang.
Posted by Olaf Engelke [MVP Windows Serv on August 12, 2005, 3:09 pm
Hi James,

there is no such thing as an invisible user in a group.
There are some possibilities how a user can have Administrator permissions
without you being aware of it.
For example:

He is a member of another group, which is a member of the Administrators group.
Check for such groups and their members.

The account/password combo of one of the Administrator accounts is known to
an unauthorized person.
Change the passwords for all accounts which are members of the Administrator
group.

Some scheduled task which is accessible to him is running in the context of
an Administrator (maybe by swapping the started file you could elevate
administrator permissions for that process).
Run scheduled tasks with an account which has the necessary permissions and
not more. Protect the called batches etc.

Some malware is used to break in to the system and work with the permissions
of the system account (so not really Administrator, but the system account
also has high-level permissions).
Keep the patch level up to date and protect your machines against malware.
Limit the user permissions (especially software installation/execution,
drive access to external drives and data sources (CD, floppy, USB,
Internet)).

Intensive auditing and studying of event logs on clients and server would be
the only way with Windows to discover such internal attacks.

Best greetings from Germany
Olaf.
Posted by Steven L Umbach on August 14, 2005, 8:25 pm
If this is for an Active Directory domain, you could use the dsget tool for
groups with the -expand option to find all members of a group, including from
nested groups. Also, you can use Group Policy Restricted Groups to enforce
membership of a group. --- Steve

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/96a4a5ee-ee72-44d5-845f-71b2de33d441.mspx

To display the list of members, recursively expanded, of the group Backup
Operators, type:

    dsget group "CN=Backup Operators,OU=Test,DC=Microsoft,DC=Com" -members -expand

"James Pang" <news.microsoft.com> wrote in message
>
>
> --
> Tech Servant James Pang.
>
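
Added example, not part of any post in this thread: a Python sketch of the nested-group check both replies describe, run over a constructed membership table instead of a live directory. It expands a group recursively, tolerates circular nesting, and reports the chain of groups through which each account becomes an effective member; all group names, account names and function names are made up for illustration.

```python
# Constructed sample data: group name -> direct members (not from a real domain).
GROUPS = {
    "Administrators": ["Administrator", "Domain Admins", "Server Ops"],
    "Domain Admins": ["alice"],
    "Server Ops": ["bob", "Helpdesk"],
    "Helpdesk": ["carol", "Server Ops"],  # circular nesting must not loop forever
    "Backup Operators": ["dave"],
}


def expand_members(group, groups=GROUPS):
    """Return {account: [group chain]} for every account that is an
    effective member of `group`, directly or through nested groups."""
    found = {}
    visited = {group}
    stack = [(group, [group])]
    while stack:
        current, path = stack.pop()
        for member in groups.get(current, []):
            if member in groups:           # the member is itself a group
                if member not in visited:  # expand each group only once
                    visited.add(member)
                    stack.append((member, path + [member]))
            else:
                # Keep the first chain found for this account.
                found.setdefault(member, path)
    return found


def unexpected_members(group, approved, groups=GROUPS):
    """Effective members of `group` that are not on the approved list."""
    effective = expand_members(group, groups)
    return {acct: chain for acct, chain in effective.items()
            if acct not in approved}


if __name__ == "__main__":
    approved = {"Administrator", "alice"}  # hypothetical allow-list
    hits = unexpected_members("Administrators", approved)
    for acct, chain in sorted(hits.items()):
        print(f"{acct}: via {' -> '.join(chain)}")
```

The chain is the useful part for cleanup: it names the nested group to remove from Administrators, rather than only the account that ended up with the permissions.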