
Admin Left Logged On 1

Status
Not open for further replies.

owilbur

Technical User
Aug 16, 2009
US
An admin logged in as Administrator on a Windows 2003 member server in a 2003 AD left the building without logging off. Other than the obvious things like file shares, are there any domain administrative functions that could be accessed in this scenario? As far as I know, ADUC can't be accessed from a member server.

Thank you. Thank you very much.
 
ADUC can certainly be accessed from a member server, as can MMC snap-ins for pretty much all functions (DHCP, DNS, etc).

Open Terminal Services Manager and log off the admin.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Oh joy, shows how much I know. I logged administrator off the server and changed administrator's password.
 
That user has access to everything, so it's the most dangerous thing to have that account logged in and not locked. Is this server secure in a data center or is the terminal out in the open? If it's locked in a cage at a NOC or secure area I wouldn't be super concerned. I would have called that person and asked WTF they were doing.

I don't know that I would have blindly changed the administrator PW though. What if that pw is set in some of the services or programs on the domain... you may have just caused some other issues.

I would have run tsadmin and booted that user off.
 
I agree to some degree. Each person (that absolutely needs DA or EA rights) should have a separate dedicated account with those rights. This provides for clear auditing, and easier administrative tasks should that person leave, or should that account be compromised.

Service accounts should always have dedicated accounts. DA accounts should never be used as service accounts.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
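
The concern above about the Administrator password being set on services, and the advice that DA accounts never be used as service accounts, can be checked before a password is changed. This is an added example, not part of the thread; it assumes the ActiveDirectory PowerShell module, a single domain, servers reachable over WinRM, and placeholder server names.

```powershell
# Added example: list services that log on with a Domain Admins / Enterprise Admins account.
# Assumptions: RSAT ActiveDirectory module, single-domain forest, WinRM access to each server.
Import-Module ActiveDirectory

$servers = @('SERVER01', 'SERVER02')          # placeholder names, replace with your own
$groups  = @('Domain Admins', 'Enterprise Admins')

# Collect the sAMAccountName of every user in the privileged groups (nested members included).
$privileged = foreach ($g in $groups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty SamAccountName
}
$privileged = $privileged | Sort-Object -Unique

$findings = foreach ($server in $servers) {
    try {
        $services = Get-CimInstance -ClassName Win32_Service -ComputerName $server -ErrorAction Stop
    } catch {
        Write-Warning "Could not query ${server}: $($_.Exception.Message)"
        continue
    }
    foreach ($svc in $services) {
        if (-not $svc.StartName) { continue }
        # StartName is DOMAIN\user, user@domain, .\user, SERVER\user or a built-in such as LocalSystem
        $parts = $svc.StartName -split '\\'
        # Skip local accounts so a local "Administrator" is not mistaken for the domain one
        if ($parts.Count -eq 2 -and ($parts[0] -eq '.' -or $parts[0] -eq $server)) { continue }
        $account = $parts[-1] -replace '@.*$', ''
        if ($privileged -contains $account) {
            [pscustomobject]@{
                Server  = $server
                Service = $svc.Name
                RunsAs  = $svc.StartName
                State   = $svc.State
            }
        }
    }
}

# Each row is a service that will fail to start after the account's password changes
$findings | Sort-Object Server, Service | Format-Table -AutoSize
```

Scheduled tasks and application configuration files can also store the same credentials and are not covered by this query.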
 