Sign in with
Sign up | Sign in
Your question

WINDOWS 2000 SECURITY HOLE

Tags:
  • Security
  • Windows 2000
  • Windows XP
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
January 27, 2005 5:09:02 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS DOMAIN
AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO EVERYHTING.SAME
USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
HAVING ADMIN RIGHTS.
ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING IS
NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
SAME PC IT IS NORMAL.
MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.

More about : windows 2000 security hole

Anonymous
a b 8 Security
January 27, 2005 11:29:13 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Your Caps Lock key must have fallen in the security hole too.

John

IT_OPS wrote:
> I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS DOMAIN
> AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
> WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
> ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO EVERYHTING.SAME
> USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
> NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
> SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
> HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING IS
> NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
> SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
> NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
Anonymous
a b 8 Security
January 27, 2005 2:03:52 PM

Archived from groups: microsoft.public.win2000.security (More info?)

IT_OPS wrote:
> I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE
> WINDOWS DOMAIN AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON
> SP4.ONE NORMAL USER WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL
> THE SHARES AND COMPLTELY ADMINISTER DELETE FILES CAN SEE SECURITY LOG
> I MEAN HE CAN DO EVERYHTING.SAME USER IF HE GOES TO OTHER PC HE CAN
> NOT ACCESS ANYTHING MEANS IT IS NORMAL.AFTER THAT I UPDATE SERVER
> WITH ALL SECURITY PATCHES RELEASED AFTER SP4 AND CLIENT I PUT XP SP2
> BUT STILL THAT USER WITH THAT PROFILE HE IS HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN
> EVERYTHING IS NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF
> OTHERS LOG ON TO THE SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS
> FROM THE NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.

What groups is this user in?
What permissions does this user have? Profiles don't have permissions -
users (and in AD, computer objects) do.
Please turn off your caps lock - it is hard to read and is considered
"shouting". Also note that this is a group for Windows 2000 - your question
seems to concern WinNT, and XP clients.
Anonymous
a b 8 Security
January 27, 2005 9:17:16 PM

Archived from groups: microsoft.public.win2000.security (More info?)

More than likely that user was using "stored credentials" that used admin
credentials for some reason. It makes absolutely no sense that the same user
has different access when logged onto different computers otherwise. What
you should do is have that user connect from the problem computer again and
then use Computer Management/shared folders/sessions to see exactly how that
user is connected to the server. It may be a different user that what he
logs onto the computer. You could also enable auditing of logon events in
Domain Controller Security Policy and look in the security log to see how
that user is authenticated to the server. -- Steve


"IT_OPS" <IT_OPS@discussions.microsoft.com> wrote in message
news:2998D2C0-34F4-47EA-ADE4-4F3983464A5E@microsoft.com...
>I HAVE SEEN VERY BIG SECURITY HOLE IN MY NETWORK.I HAVE SINGLE WINDOWS
>DOMAIN
> AND DC IS ACTING AS FILE AND PRINT SERVER RUNNING ON SP4.ONE NORMAL USER
> WITHOUT ANY ADMIN RIGHTS FROM XP CAN ACCESS ALL THE SHARES AND COMPLTELY
> ADMINISTER DELETE FILES CAN SEE SECURITY LOG I MEAN HE CAN DO
> EVERYHTING.SAME
> USER IF HE GOES TO OTHER PC HE CAN NOT ACCESS ANYTHING MEANS IT IS
> NORMAL.AFTER THAT I UPDATE SERVER WITH ALL SECURITY PATCHES RELEASED AFTER
> SP4 AND CLIENT I PUT XP SP2 BUT STILL THAT USER WITH THAT PROFILE HE IS
> HAVING ADMIN RIGHTS.
> ONE MORE THING IF I DELETE HIS PROFILE THEN IF HE LOGS ON THEN EVERYTHING
> IS
> NORMAL.MEANS SOMETHING ON THAT PC WITH HIS PROFILE IF OTHERS LOG ON TO THE
> SAME PC IT IS NORMAL.
> MY MANAGEMET AFTER SEEING THIS WANTS REMOVE COMPLETELY WINDOWS OS FROM THE
> NETWORK.PLEASE CAN ANYBODY HELP ME WHY IT IS HAPPENED.
!