Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Blocking Dameware from remotely administering windows 2000
- Thread starter ckkent
- Start date
porkchopexpress
IS-IT--Management
How do you mean? If they're an admin then they are an administrator making sure that anyone that you don't trust doesn't have admin rights is absolutely critical.
You could install the dameware service and then disable it this will prevent anyone making a connection to install the client but an admin could still enable the service.
- Thread starter
- #3
Hi, thanks for the reply.
I mean if someone illegally got a hold of one of the administrators account they could use dameware to administer the server.
About the dameware service, isn't this for remote controlling only so you could see/control the remote computer's desktop? Would this be able to stop it from administering it? Because you could still administer the server remotely without this service, couldn't you? Please correct me if I'm wrong, I just started using this dameware so I'm not very much familiar yet.
I mean if someone illegally got a hold of one of the administrators account they could use dameware to administer the server.
About the dameware service, isn't this for remote controlling only so you could see/control the remote computer's desktop? Would this be able to stop it from administering it? Because you could still administer the server remotely without this service, couldn't you? Please correct me if I'm wrong, I just started using this dameware so I'm not very much familiar yet.
If someone "illegally got a hold of one of the administrators account" dameware would be the least of your problems, so to speak. Limit admin accounts to only people that absolutely need them, enforce strong passwords, keep machines patched up would be a better use of your time.
Just my 2 cents,
RoadKi11
Just my 2 cents,
RoadKi11
porkchopexpress
IS-IT--Management
I was thinking of Dameware Mini Remote not the whole NT Utilities package sorry but this still doesn't change anything a user with admin rights could perform almost any administrative function remotely without dameware the key is to make sure no one ever gets an admin account.
The principle of least privilege is what you should be thinking about make sure that no one has more rights than they need to servers and that very few people have domain admin rights.
and as Roadki11 says enforce strong passwords and keep on top of patches for all services not just Windows.
The principle of least privilege is what you should be thinking about make sure that no one has more rights than they need to servers and that very few people have domain admin rights.
and as Roadki11 says enforce strong passwords and keep on top of patches for all services not just Windows.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
