|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Laura A. Robinson (larobins
bellatlantic.net)Date: Fri Nov 30 2001 - 17:16:05 CST
Why are you trying to delete the guest account, specifically?
Aside from that, if you boot into directory services restore mode on a DC,
AD is not initialized and you can manipulate it with utilities like
NTDSUTIL.
Laura
----- Original Message -----
From: "Robert Rota" <robert.a.rotasaic.com>
To: <focus-mssecurityfocus.com>
Sent: Friday, November 30, 2001 10:29 AM
Subject: AD access
>
>
> Quick question that I would like anyone to answer..
> Do you know of a utility that will access Active
> Directory in the LocalSystem Context? I would like to
> be able to delete the Guest account after I have
> promoted the server. As you know, accounts are then
> stored in ntds.dit. For some reason I cannot
> manipulate the name spaces the way I could the
> registry. Do you know of a tool that can modify these
> fields and that will run with system privilege? I have
> opened the adsi edit utility with LocalSystem privilege
> and still not been able to delete the Guest account.
> Any incite that you may have into this process would
> be appreciated. Also, do you know of a tool that can
> manipulate Active Directory if it is not loaded into
> memory? For instance, say I boot the DC with a
> floppy and mount the FS. Now I have bypassed ACLs
> and I want to edit ntds.dit? I assume the ADSI may be
> programmed to do this but I am skepticle about the
> ACL?
>
> Again, any incite would be greatly appreciated....
>
> Thanks,
>
> Rob
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]