| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 34678 | 2003-06-20 08:24:00 | Win 2k Server security. | nz_liam (845) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 153804 | 2003-06-20 08:24:00 | I use windows 2000 server and active directory service and am having a little trouble with people hacking in (over the lan) and making a user that is part of the administrators group, then logging on to the default admin share for my C drive (using the user they created for admin authentication) and causing hell. Is there a way to a; password protect the creation of users in active directory and b; only allow users in the administrators group to login locally? Cheers Liam |
nz_liam (845) | ||
| 153805 | 2003-06-20 09:22:00 | a) Yes, do not allow untrustworthy individuals Domain or Enterprise Admin group membership. b) Yes, use a group policy at the appropriate level (Domain/Local/OU, etc) to deny this capability. |
BIFF (1) | ||
| 153806 | 2003-06-21 14:26:00 | > a) Yes, do not allow untrustworthy individuals Domain > or Enterprise Admin group membership. thats what I'm trying to do, however they keep granting them selves access by hacking my system.:| > b) Yes, use a group policy at the appropriate level > (Domain/Local/OU, etc) to deny this capability. I'm relatively new to this, how would i go about doing that? Cheers Liam :) |
nz_liam (845) | ||
| 153807 | 2003-06-22 04:20:00 | Looks like the first step is to unplug it from the LAN. :D No-one should be able to create users with Adminstrator privilege except the (one) Adminstrator. I believe that MS have produced a programme/scripted wizard/??? "something" which you can download and run to "lockdown" servers as part of their (belated) emphasis on security. That might be what you need. Try a search on google for "lockdown W2k server" and variations. |
Graham L (2) | ||
| 1 | |||||