OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Ralph H Carothers III (carothersrSURGENT.COM)
Date: Mon Aug 13 2001 - 13:54:22 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I dont know if I sent this to the right place, but I know that on my network
    here we have an issue with account policies period.

    The Active Directory will not allow me to read it correctly. I might be
    horrid at explaining this...but here goes:

    With no service packs, my Domain server was fine. It would allow me to
    allow local account policies to group domain accounts. (For instance, I
    would open up my local account grouping of Administrators. (Not the account
    Administrator, the actual group Administrators, it will also do the same for
    power users etc.)

    I would then hit ADD USERS, select the domain (for example: hq.blahblah.com)
    and pick the accounts I wanted to give local Admin access to so that they
    could then install programs, etc.

    I would hit ok, it would say it could not find the specified domain, and
    then I would get booted back to the account names under the local admin
    group. All of the accounts I added would be there but with like naming such
    as:

    \\3213-32132-32343-1245\domainusername

    Once you hit ok, and then re-open the Admin group again, the accounts are
    listed as something such as:

    \\blahblah\domainusername

    Not \\hq.blahblah.com\domainusername as they should be.

    If you upgrade your service pack...forget EVER adding anymore local users.

    I've had this on an NT 4.0 network. (SP6a) I've had it on a Native win2k
    network with no service packs, and SP 1 and SP 2.

    The only way you can change local groups to give domain users those rights
    locally is through Group Policies applied to them directly, or to do it
    directly before you upgrade the service packs. (A pain because you then need
    a re-install for each new user.)

    Unfortunatly, the Group Policies will sometimes also not take if this bug is
    active.

    -Ralph H Carothers III

    ============================================================================
    Delivery co-sponsored by Trend Micro, Inc.
    ============================================================================
    TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE

    If you are worried about email viruses, you need Trend Micro ScanMail for
    Exchange. ScanMail is the first antivirus solution that seamlessly
    integrates with the Microsoft Exchange 2000 virus-scanning API 2.0. ScanMail
    ensures 100% inbound and outbound email virus scanning and provides remote
    software management. Download a FREE 30-day trial copy of ScanMail and find
    out why it is the best:
    http://www.antivirus.com/banners/tracking.asp?si=8&BI;=240&UL;=/smex2000
    ============================================================================