Re: NT Domain_Create_Alias vulnerability

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: NT Domain_Create_Alias vulnerability
  • From: Russ <Russ.CooperRC.ON.CA>
  • Date: Thu, 28 May 1998 12:53:13 -0400
  • Comments: To: Paul L Schmehl <paulsutdallas.edu>
  • Reply-To: Russ <Russ.CooperRC.ON.CA>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

>Will it also replicate to the BDCs and take them down too?

Most certainly, groups are SAM objects like anything else and need to be
replicated across BDCs (if you can promote a BDC to PDC then it needs to
contain everything that the PDC does SAM-wise).

Tim Chilton, quite rightly, pointed out another problem.

Once the SAM grows, it does not automatically compact itself, and there
is no utility to do so. KB article
http://support.microsoft.com/support/kb/articles/q140/3/80.asp explains
3 methods that could be used to reduce the size of the SAM after you
have manually deleted all of the unwanted groups, but none of them are
quick or friendly.

As Tim pointed out to me, these extra SAM entries also consume physical
memory, so you don't need to completely fill the SAM with wanton groups
in order to create a problem for DCs with limited RAM.

The above article references
http://support.microsoft.com/support/kb/articles/Q130/9/14.asp as well,
which goes into details about RAM usage and SAM entries (note that this
article is for 3.5, it's probably safe to assume the requirements have
increased in 4.0).

Cheers,
Russ