Q: Windows 2000 Professional Security

  • Thread starter Thread starter Lord Deekay
  • Start date Start date
L

Lord Deekay

Can anyone tell me if it's possible for a Windows 2000 Professional client
computer to join a domain without the owner's knowledge? Here is the
scenario:
This Windows 2000 Professional client computer is on a network with a leased
static IP address from a domain server. The local account access is strictly
private and no one other than the client computer's owner knows the
passwords. One day this computer's owner logs on to the client computer and
perform the daily average routine. When the owner logs off and then logs on
again, the local account accesses including that of the default administor
has been denied. When disaster recovery procedure was performed and the
local account accesses has been gained, the owner learns that the client
computer has joined the domain!!! No one knows the local account passwords
to this computer. No one physically accessed this computer other than the
owner. How can this possibly be done? Please, help me find out what caused
this.
 
On Thu, 18 Dec 2003 14:34:02 +0300, "Lord Deekay"

You missed crossposting to the alt.britneyspears group...
Can anyone tell me if it's possible for a Windows 2000 Professional client
computer to join a domain without the owner's knowledge? Here is the
scenario:
This Windows 2000 Professional client computer is on a network with a leased
static IP address from a domain server. The local account access is strictly
private and no one other than the client computer's owner knows the
passwords. One day this computer's owner logs on to the client computer and
perform the daily average routine. When the owner logs off and then logs on
again, the local account accesses including that of the default administor
has been denied. When disaster recovery procedure was performed and the
local account accesses has been gained, the owner learns that the client
computer has joined the domain!!! No one knows the local account passwords
to this computer. No one physically accessed this computer other than the
owner. How can this possibly be done? Please, help me find out what caused
this.
Click to expand...

Scripting it is possible. Does the local administrator's group have
any other accounts? Is the user qualified to know whether they joined
a domain or not? Virus scanner, critical updates, service packs all
current? Did you enable auditing?

Jeff
 
It is possible if someone else had undetected administrator access to that
computer. Netdom can be used to do this, possibly activated remotely by
placing it on the computer as a startup script in Local Group Policy. Why in
the world would somebody want to hack a computer just to join it to the
domain?? Checking Event Viewer may help determine when this happened. Also
joining a domain in itself will not affect local logon ability and will not
change the password on any local accounts. --- Steve
 
Well... password hack and recovery CD's are aplenty...worse case scenario..
..(well almost.. your PC is still working) ... someone could've booted one of
these CD's, wiped the SAM and instilled a fresh one with a blank admin
password, reset the password, joined the domain - assuming they had the
means and done all sorts of mischief..Seriously, check your event logs...
again, assuming you've enabled auditing of the appropriate events in Group
Policy. See if any 'new' users appeared at the same time as the audit event
or elevated privileges etc...

Regards,
Mylo

btw.. a leased static ip address is an oxymoron :0)
 
Back
Top