WINDOWS 2000 SECURITY HOLE
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS DOMAIN
AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO EVERYHTING.SAME
USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
HAVING ADMIN RIGHTS.
ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING IS
NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
SAME PC IT IS NORMAL.
MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS DOMAIN
AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO EVERYHTING.SAME
USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
HAVING ADMIN RIGHTS.
ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING IS
NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
SAME PC IT IS NORMAL.
MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
More about : windows 2000 security hole
Archived from groups: microsoft.public.win2000.security (More info?)
Your Caps Lock key must have fallen in the security hole too.
John
IT_OPS wrote:
> I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS DOMAIN
> AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
> WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
> ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO EVERYHTING.SAME
> USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
> NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
> SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
> HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING IS
> NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
> SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
> NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
Your Caps Lock key must have fallen in the security hole too.
John
IT_OPS wrote:
> I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS DOMAIN
> AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
> WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
> ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO EVERYHTING.SAME
> USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
> NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
> SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
> HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING IS
> NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
> SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
> NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
Archived from groups: microsoft.public.win2000.security (More info?)
IT_OPS wrote:
> I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE
> WINDOWS DOMAIN AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON
> SP4.ONE NORMAL USER WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL
> THE SHARES AND COMPLTELY ADMINISTER DELETE FILES CAN SEE SECURITY LOG
> I MEAN HE CAN DO EVERYHTING.SAME USER IF HE GOES TO OTHER PC HE CAN
> NOT ACCESS ANYTHING MEANS IT IS NORMAL.AFTER THAT I UPDATE SERVER
> WITH ALL SECURITY PATCHES RELEASED AFTER SP4 AND CLIENT I PUT XP SP2
> BUT STILL THAT USER WITH THAT PROFILE HE IS HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN
> EVERYTHING IS NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF
> OTHERS LOG ON TO THE SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS
> FROM THE NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
What groups is this user in?
What permissions does this user have? Profiles don't have permissions -
users (and in AD, computer objects) do.
Please turn off your caps lock - it is hard to read and is considered
"shouting". Also note that this is a group for Windows 2000 - your question
seems to concern WinNT, and XP clients.
IT_OPS wrote:
> I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE
> WINDOWS DOMAIN AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON
> SP4.ONE NORMAL USER WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL
> THE SHARES AND COMPLTELY ADMINISTER DELETE FILES CAN SEE SECURITY LOG
> I MEAN HE CAN DO EVERYHTING.SAME USER IF HE GOES TO OTHER PC HE CAN
> NOT ACCESS ANYTHING MEANS IT IS NORMAL.AFTER THAT I UPDATE SERVER
> WITH ALL SECURITY PATCHES RELEASED AFTER SP4 AND CLIENT I PUT XP SP2
> BUT STILL THAT USER WITH THAT PROFILE HE IS HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN
> EVERYTHING IS NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF
> OTHERS LOG ON TO THE SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS
> FROM THE NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
What groups is this user in?
What permissions does this user have? Profiles don't have permissions -
users (and in AD, computer objects) do.
Please turn off your caps lock - it is hard to read and is considered
"shouting". Also note that this is a group for Windows 2000 - your question
seems to concern WinNT, and XP clients.
Archived from groups: microsoft.public.win2000.security (More info?)
More than likely that user was using "stored credentials" that used admin
credentials for some reason. It makes absolutely no sense that the same user
has different access when logged onto different computers otherwise. What
you should do is have that user connect from the problem computer again and
then use Computer Management/shared folders/sessions to see exactly how that
user is connected to the server. It may be a different user that what he
logs onto the computer. You could also enable auditing of logon events in
Domain Controller Security Policy and look in the security log to see how
that user is authenticated to the server. -- Steve
"IT_OPS" <IT_OPS@discussions.microsoft.com> wrote in message
news:2998D2C0-34F4-47EA-ADE4-4F3983464A5E@microsoft.com...
>I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS
>DOMAIN
> AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
> WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
> ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO
> EVERYHTING.SAME
> USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
> NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
> SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
> HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING
> IS
> NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
> SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
> NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
More than likely that user was using "stored credentials" that used admin
credentials for some reason. It makes absolutely no sense that the same user
has different access when logged onto different computers otherwise. What
you should do is have that user connect from the problem computer again and
then use Computer Management/shared folders/sessions to see exactly how that
user is connected to the server. It may be a different user that what he
logs onto the computer. You could also enable auditing of logon events in
Domain Controller Security Policy and look in the security log to see how
that user is authenticated to the server. -- Steve
"IT_OPS" <IT_OPS@discussions.microsoft.com> wrote in message
news:2998D2C0-34F4-47EA-ADE4-4F3983464A5E@microsoft.com...
>I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS
>DOMAIN
> AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
> WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
> ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO
> EVERYHTING.SAME
> USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
> NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
> SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
> HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING
> IS
> NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
> SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
> NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
Related ressources:
- ForumHole in Registery Keys on Office and Windows 2000
- ForumFiles deleted after using 'repair install' security hole ?
- ForumSecurity hole in file sharing (bug?)
- ForumPC Magazine article on Win XP SP 2 security hole
- ForumCustom windows /fan hole molding?
- ForumThe Kernal Is A Huge Security Whole In Windows
- ForumWindows 2000 Security issues
- ForumHow Many Use Windows 2000 ?
- ForumHow do i get past windows 2000 logon security
- ForumBlack hole like Hard Drive device (weird hey!?)
- ForumHelp , Changing security setting of windows 2000 server fo..
- ForumWindows 2000 security vulnerability solution
- Forumwired 802.1x security in windows 2000
- ForumParallel and com ports not appearing in device manager
- Forumnetwork scanner for windows patch KB835732
- ForumRecovering Encrypted File on WIndows XP workstation
- ForumWindows 2003 CA in W2K Domain
- ForumWindows Security
- ForumWindows Security
- ForumWindows Client and Server Security
- More resources
!
