Archived from groups: microsoft.public.win2000.security (
More info?)
I understand that politics play a major role in corporate [or small
business] culture. I don't use chat but I try to check this newsgroup [and
others] almost daily. There also are other very helpful regulars on this
newsgroup. Glad you got it sorted out. --- Steve
"MSM" <MSM@discussions.microsoft.com> wrote in message
news:72852C6D-9E4D-46E5-BEC2-6CE42C299376@microsoft.com...
> Hi:
>
> Thanks for the info, unfortinately, I am betweena rock and a hard place.
> These users are a very private bunch and to have them agree to an sign
> anything that they will percieve as restricting them or giving someone
> access
> to hard drives will cause a major uproar and the onwners who want
> everything
> micromanaged. Your eailer post about resetting the the autoshare is good.
> I
> just managed to look at the comuter. All the setting for the C$ shares
> are
> there, however my admmin account has been deleted. I have just tried
> logging
> into the hard drive with the Administrator account and it works. Thank
> you
> for you help, by the way do you use a chat service, maybe next time I have
> a
> issue I can contact you direct.
>
> "Steven L Umbach" wrote:
>
>> If the user is local administrator then the inmates are running the
>> asylum
>> and that user could be doing anything on that computer including removing
>> the computer from the domain, changing ntfs and share permissions, or
>> more
>> likely has removed your account or domain admins group from local
>> administrators group. You should consider looking at ways to not allow
>> users
>> to be local administrators. Instead of trying to play games with this
>> user
>> take his computer and reimage it or repair it and have him and other
>> users
>> sign a computer user statement that prohibits junior hacking which
>> includes
>> anything that will deny domain admins access to the computer. Also be
>> sure
>> that auditing of logon events, policy change, and account management is
>> enabled on those computers. You should also be able to connect to any
>> domain
>> users computer as a domain admin and use Computer Management to access
>> those
>> computers to view the shares on that computer. A Group Policy startup
>> script
>> can be used to add domain admins or any user/group to the local
>> administrators group on a domain computer as in [ net localgroup
>> administrators /add "mydomain\domain admins" ]--- Steve
>>
>>
>> "MSM" <MSM@discussions.microsoft.com> wrote in message
>> news:BC185BDF-48AC-4B2C-87F9-C3FE64B7B4A3@microsoft.com...
>> > hi:
>> >
>> > I am tasked to monitor the network and the computers on the network. I
>> > am
>> > not allowed to use (purchase) any "Spy/Monitoring" Programs. So I am
>> > trying
>> > to use the brute force method of using the Admin Shares, and a index
>> > reader
>> > program. You are right these users have admin rights, I am wondering
>> > if
>> > this
>> > particular user has set up the secruity/sharing feature in such a
>> > manner
>> > that
>> > only thier user account can access thier computer. I can not even log
>> > in
>> > using the admin account. Thus I need to know how they may have done
>> > this,
>> > and if the way you discribe can be done in such a way that this person
>> > can
>> > not know it has been re-estiblished?
>> >
>> > Mark M.
>> >
>> > PS: this user is very adept at using the task manager
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> What exactly are you trying to do? It sure sounds like they are local
>> >> administrators if they can do what you describe which may be part of
>> >> your
>> >> problem. You can delete the default administrator shares by disabling
>> >> file
>> >> and print sharing, using poledit, or modifying the registry as shown
>> >> in
>> >> the
>> >> link below. --- Steve
>> >>
>> >>
http://support.microsoft.com/default.aspx?scid=kb;en-us;318755
>> >>
>> >> "MSM" <MSM@discussions.microsoft.com> wrote in message
>> >> news:C082D991-B1DD-4925-B347-5E2DBBEEA757@microsoft.com...
>> >> > Hi:
>> >> >
>> >> > I have a need to montor the hard drives in my network, however, I
>> >> > have
>> >> > a
>> >> > user who has not only mangae to figure out how to delete a
>> >> > "Administrative
>> >> > Share" for the session, but it seems they have manage to delete it,
>> >> > except
>> >> > of
>> >> > a "Log In Situation" even during a re-boot of the system. How is
>> >> > this
>> >> > possible and is there anyway to circumnavigate this users attempts
>> >> > to
>> >> > lock
>> >> > thier PC out of the loop, with out them knowing they are back in the
>> >> > loop.
>> >> > --
>> >> > Thank you for you help
>> >> >
>> >> > Mark M
>> >>
>> >>
>> >>
>>
>>
>>