Server allows unauthorised access

Tags:
configuration
Desktops
Firewalls
Forensics
Incident response
Intrusion management
Management
Microsoft Windows
Network management software
Network security
Networking
OS
patching
PEN testing
Platform Security
Security
Servers
SQL Server
VPN
vulnerability management
Wireless
I am trying to sort out a network using Windows Server 2003 and Windows XP Pro. The domain has been set up on the server, and it is possible to log in. But mostly the users don't log into the domain. They log into the local machine, with usernames which are NOT known on the server. They get access to files which are held on the server, by using the server's IP address in shortcuts and scripts. It seems to me that security on the server must have been partly disabled, to allow this unauthorised access. Can anyone suggest the steps I need to take in order to force users to log into the domain?
ASKED: March 21, 2006  7:51 AM
UPDATED: April 5, 2006  11:20 AM

Answer Wiki


It sounds like all of the systems have been set up with the same user name and password. My guess is the user name they are using is "administrator". For example, if you have a local user account on both computers "XPCOMP01" and "XPCOMP02" called "administrator" with a password of "p@ssw0rd", each computer will have access to the other's shares through the network. You can change the local administrator's account name to something they will not know. This can be done very easily through group policies. I would change it on the domain controller and all of the workstations. This would force everyone to use their assigned domain user accounts. Then create a fake account called administrator that you have disabled and use it for security logging to see who is still trying to access the account.

Discuss This Question: 8  Replies

 
  • Guardian
    You can check the Domain Security Policy, and also the Local Security Policy (but basically security has its default). Make sure everyone has been joined into the domain; if so, then your permissions are not restrictive. Users must be authenticated to have access on the domain and resources (that's what a domain is for, hey?). Most of these you can find in the Administrative Tools. Remove workgrouped PCs like in XP Home (type your DNS suffix and tick change DNS suffix). Rgds, Newton. PS: Keep us informed.
  • Dwiebesick
    This is a mess if you do not have end user cooperation. First, are the workstations members of the domain or are they in a workgroup? You can use group policy to restrict local logon. There is a security setting that can be set under a group policy: Computer Config\windows settings\security settings\local policies\user rights assignment\logon locally; read carefully Microsoft's KBA 823659. You can also change the NTFS security settings on the files/folders that the end users are accessing. Change them to allow only authorized domain authenticated users' access or whatever you deem appropriate. If you know the user name and password that they are using, you can change it. If it is the local computer administrator account, there are scripts available that you can use to easily change them. Keep us informed as to your progress and provide as much information as possible to better assist you. Best of luck, dmw
  • Astronomer
    It seems clear you have a domain working like a workgroup. If you have the authority, create domain accounts with different names than the local accounts, disable any domain accounts (or at least change passwords) that are being used to get around the domain security, and force the users to use their domain accounts. You need to make sure the users have to use their own domain accounts to reach the resources they need on the server. I assume the workstations are members of the domain. Once the users are logging in with domain accounts you can start managing them with groups and policies. rt
  • BillBald
    Thanks very much to those who have replied. Sorry for the delay in getting back to you, I've been under a lot of work pressure. I have found that if I go into "Domain Controller Security Policy", then Security Settings ---> Local Policies ---> User Right Assignment ---> Access this computer from network, then the "Everyone" group is allowed access, as well as "Authenticated Users" etc. After I have finished adding users to the network and making sure they can log in, I am going to try removing the Everyone group (also the legacy pre-Win2k computers group), and see if that forces all users to log into the network. Another thing I've noticed is that the router is being used as the DHCP server, instead of the Win2k3 box. Does anybody have any thoughts about that?
  • Astronomer
    Bill: It doesn't matter what device is the DHCP server as long as it provides the proper addresses and options for your environment. The router should be a reasonable choice for a single subnet. Since it doesn't have a hard drive it is likely to be more reliable than a server. rt
  • BillBald
    Presumably the router should be set up to point to the DNS server on the Win2k3 box, rather than the ISP's DNS servers? And the DNS server on the Win2k3 box should then use forwarding to include the ISP's DNS servers?
  • 0ct0pus
    That'll be all right too, Bill. The clients will send a DHCP request to the DHCP server (in this case the router device), then they will receive a set of info of IP, gateway and the DNS that points to the Win2k3 server. So now all clients, after receiving the info from DHCP, will contact your Win2k3 server for name resolution. Then your DNS can forward any external name request to the ISP DNS. Presumably it's a small subnet and the router is the only gateway to the outside world, so it's best if it limits the traffic of DNS requests to only those from your DNS server (Win2k3).
  • DaJackel
    First off, go to: START > PROGRAMS > ADMINISTRATOR TOOLS > DOMAIN CONTROLLER SECURITY POLICY. Drill down to: SECURITY SETTINGS > LOCAL POLICY > SECURITY OPTIONS. Make sure that these 2 entries are correct: "Network access: Let Everyone permissions apply to anonymous users" ---> Disabled; "Network access: Do not allow anonymous enumeration of SAM accounts and shares" ---> Enabled. That should cover the anonymous access problem. The other thing is to make sure that the local accounts that the users are logging into are different than the ones on your domain or local to your domain controller. The usernames can be the same if you want them to be, but you must make sure the passwords are different and that the users don't know what they are. This will prompt them for a password if the usernames are the same. It's a function that Windows does not verify the SID but just the username. Don't really understand why, I just know that it doesn't. That should cover your problem.
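As an added example (not code from any poster in this thread), the Python script below audits a `secedit /export /cfg` policy export for the settings BillBald and DaJackel discuss: who holds "Access this computer from the network" (`SeNetworkLogonRight`) and the two anonymous-access security options. The SIDs and registry value names are the standard Windows ones; the export text is a constructed sample.

```python
# Added example: audit a `secedit /export /cfg` INF for the settings named in the thread.
LSA = r"machine\system\currentcontrolset\control\lsa" + "\\"
# Well-known SIDs for the two groups BillBald plans to remove.
RISKY = {"S-1-1-0": "Everyone", "S-1-5-32-554": "Pre-Windows 2000 Compatible Access"}
# Registry value -> data for the state DaJackel recommends (0 = Disabled, 1 = Enabled).
EXPECTED = {"everyoneincludesanonymous": "0", "restrictanonymous": "1"}

# Constructed sample exports (not taken from a real server).
TEMPLATE = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,{eia}
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,{ra}
[Privilege Rights]
SeNetworkLogonRight = {holders}
"""
SAMPLE_WEAK = TEMPLATE.format(eia=1, ra=0, holders="*S-1-1-0,*S-1-5-11,*S-1-5-32-544,*S-1-5-32-554")
SAMPLE_FIXED = TEMPLATE.format(eia=0, ra=1, holders="*S-1-5-11,*S-1-5-32-544")

def parse_inf(text):
    """Return {section: {key: value}} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Return a list of findings; an empty list means the checked settings are as recommended."""
    inf, findings = parse_inf(text), []
    holders = inf.get("privilege rights", {}).get("senetworklogonright", "")
    for entry in holders.split(","):
        sid = entry.strip().lstrip("*")          # well-known groups are exported as *SID
        if sid in RISKY:
            findings.append(f"SeNetworkLogonRight granted to {RISKY[sid]} ({sid})")
    reg = inf.get("registry values", {})
    for name, want in EXPECTED.items():
        got = reg.get(LSA + name, "").partition(",")[2].strip()  # "4,1" -> type 4 (DWORD), data "1"
        if got != want:
            findings.append(f"{name} is {got or 'not defined'}, expected {want}")
    return findings

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(label, audit(sample) or "no findings")
```

A real export is normally written as UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `audit()`.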
