Jul 20, 2005
Windows 2000 on network
|" A Windows 2000 security tool to check administrative access. "
Can your colleguage's with Explorer (from their own W2k-workstation) read/modify/delete/create files on your hard disc? And nobody can see if it happens. W2kTotalPowerWhere reports if you have this problem.
Important: This is not a hackers tool to gain more access. It only reports, what your IT-sysadm already has given tou, and tour colleguages. Many IT-sysadms will answer, that this problem is solved with W2k-ADS-policy, but it can't. More and more programs upgrades themselves while users are logged in, demanding that users must be member of the Local Admin Group. Members of this group can install programs. Installing W2k on a workstation, the IT-sysadm normally decides that no Domain Users can be member of the Local Admin Group.
But are workstations used by more than one user? Are there users using other than their own workstation? If the IT-sysadm have given this problem deep reflection, maybe he/she have prepared some Global Domain Groups with the same names ready on every workstation, being member of the Local Admin Group. If it's necessary, the IT-sysadm can then temporarily add the Domain User to this Global Domain Group, and the user can install programs until he/she removes the Domain User again after maybe 2 days? But while the user is member of this Global Domain Group, the Domain User at once gains unlimited admin power on every workstation on the network. While the Domain User is a member of the Local Admin Group, he/she can make a new Local User on every workstation on the network, and grant this Local User membership of the Local Admin Group on every workstation. And the Domain User can do it from his/hers own workstation without anyone seeing anything about it. Then it dosn't matter that the IT-sysadm removes the Domain User from the Global Domain Group after 2 hours. The unlimited remote access involves:
1. Explorer: \\ComputerName\C$
3. Computer Management (Control Panel)
Top Related Downloads