Re: name of built-in administrator


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: name of built-in administrator
  • From: Gerald Carter <cartegwEng.Auburn.EDU>
  • Date: Tue, 28 Apr 1998 07:53:57 -0500
  • Comments: To: Evgenii Borisovich Rudnyi <rudnyiMCH1.CHEM.MSU.SU>
  • Organization: Auburn University
  • Reply-To: jerryEng.Auburn.EDU
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

Evgenii Borisovich Rudnyi wrote:
>
> Well, this is not the end of the story. The anonymous logon is also in
> the EVERYONE group. This means that actually it is possible to find
> out who is a built-in administrator and to see the history of the SAM
> at any domain into which you can run the anonymous session. Note that
> anonymous sessions are not audited by logon/logoff category.
>

I'm not so sure about the last comment.  I have Events of id 528 (
successful logon ) log logon type 3 ( non interactive ) recorded for
user "Anonymous".  Actually the username is "" but the event log shows
it as "Anonymous".  Not much more information there.  Perhaps you mean
that you cannot tell anything about successful / failed privilege use.
This I would agree with.






j-
________________________________________________________________________
                            Gerald ( Jerry ) Carter
Engineering Network Services                           Auburn University
jerryeng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )
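
The observation in the reply above (event 528, logon type 3, user name "" displayed as "Anonymous") can be turned into a log check. This is an added example, not part of the original message; the `key="value"` record layout, host names and function names are assumptions made for illustration, and the sample records are constructed.

```python
import re
from collections import Counter

# Constructed sample records in a simplified key="value" layout (an assumption;
# a real Security log export has a different layout and field names).
SAMPLE = """\
id=528 type=3 user="" domain="" workstation="WKS17"
id=528 type=2 user="jsmith" domain="ENG" workstation="WKS04"
id=528 type=3 user="Anonymous" domain="NT AUTHORITY" workstation="WKS17"
id=529 type=3 user="" domain="" workstation="WKS22"
id=528 type=3 user="backup" domain="ENG" workstation="SRV02"
id=528 type=3 user="" domain="" workstation="WKS31"
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The raw user name is empty, but a viewer may render it as "Anonymous",
# so both spellings are treated as the same account.
ANON_NAMES = {"", "anonymous"}


def parse(line):
    """Turn one record line into a dict of field name -> value."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD.findall(line)}


def is_anonymous_network_logon(rec):
    """True for a successful logon (528) of type 3 with an anonymous user."""
    if "user" not in rec:  # a record without the field is not a match
        return False
    return (rec.get("id") == "528"
            and rec.get("type") == "3"
            and rec["user"].strip().lower() in ANON_NAMES)


def anonymous_sessions(text):
    """Count anonymous network logons per originating workstation."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if is_anonymous_network_logon(rec):
            hits[rec.get("workstation", "?")] += 1
    return hits


if __name__ == "__main__":
    for host, count in anonymous_sessions(SAMPLE).most_common():
        print(f"{host}: {count} anonymous network logon(s)")
```
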