From: [C] Teodorski, Chris (cteodorski ppg.com)
Date: Mon Apr 08 2002 - 10:39:08 CDT

I'd love to hear the specifics on this one....
-----Original Message-----
From: Thor HammerofGod.com [mailto:Thor HammerofGod.com]
Sent: Thursday, April 04, 2002 8:32 PM
To: shartmann fujifilmesys.com; focus-ms securityfocus.com
Subject: Re: Windows NT 4.0 Print Spooler Security
*** PGP Signature Status: good
*** Signer: Attonbitus Deus <thor hammerofgod.com> (Invalid)
*** Signed: 4/4/2002 8:32:23 PM
*** Verified: 4/8/2002 11:44:15 AM
*** BEGIN PGP VERIFIED MESSAGE ***
At 02:21 PM 4/4/2002, Seamus Hartmann wrote:
>Hi,
>
>Recently, I was asked by management if there was a way to reprint print jobs
>that are spooled on Windows NT servers. Because the management team prints a
>significant amount of documentation that is considered to be top secret (and
>we recently lost an administrator for selling stuff to another company) they
>are understandably paranoid about this particular issue. The domain
>structure as it stands right now does not allow the printers to be printed
>to by any machine but the Windows NT 4.0 SP6a print spooler.
>
>Here are the stipulations;
>
>I need to recreate a specific print job.
>
>I have Domain Administrator access to the server where the spooler resides.

Greets-

Short answer- absolutely. The last statement says it all... If you are
domain admin on the box (or just admin) you have complete control over all
data coming in and going out of the box. You could run packet captures, set
up secret pooled printers, etc, etc. If you don't trust the admin, get new
ones, or don't make them admins. You should also know that depending on
your topology, encryption schemes, etc, other people with access to the
wire could also do packet captures, blah blah blah.

Was that what you were looking for, or were you looking specifically for a
method of duplicating the spool file as it received data and all that?

hth
AD
*** END PGP VERIFIED MESSAGE ***