
Windows 98 Access 2000 Server - Security Issue!!

Status
Not open for further replies.

NinjaBeaver

IS-IT--Management
Dec 16, 2002
10
GB
Hi everyone,

OK, I'm a Network Manager at a local high school and the school has just enrolled what I can best describe as a 'script kiddie' student onto the system.

The main problem is that he has already got access to the logon.bat and root of the 2000 server, even though I'm sure that only administrators can access this area.

I'm running software called WinSuite which locks down the individual PCs and does not allow network viewing or C: access.

Now, I've seen him accessing 2000 Server root via Internet Explorer and saving the files as batch files (I think!) with the command file://200server/ or something similar.

1). Please, how do I lock him down to the Windows 98 machine he uses? It's making me slightly paranoid.

2). How the hell has he done this in the first place, so I can test my system more? Or are there more methods of testing this?

Please help,

Many Thanks,

Simon Anderson
Network Administrator
The Park High School
 
Does your school have any policies on hacking/misuse of equipment? That might be the first course of action, as him learning that it's not OK to misuse others' equipment now might save him some jail time or fines in the future.
What kind of policies can you enact on him if he doesn't stop? Can you just unplug his computer?
You should also recheck all of the permissions on the folders he has gotten to, as well as the other major ones (system, system32, winnt, etc.).

Want to know how secure your server is?
Microsoft Baseline Security Analyzer:
Microsoft's Beginner Scanner
NMAP Security scanner. In-depth scanner for open ports


 
I would also verify that the Everyone group does not have permissions to the c$ share. On a Windows 2000 server, by default, everyone does. Once he has access to that he could access any subfolders.
 
Break HIS fingers?

You could be in for a lot of work.
If he's tampered with logon.bat, it's possible he has EVERYONE'S password; all it takes is to have the logon script install a keylogger.
First thing I'd do is ban him for a month at least, to give yourself time to check the network and fix any holes.

The Netlogon share has read/write access as default; it may be just that he has got into on the server.
Make your own logon script just for that user, warning him you are watching him. Another wonderful teaching AID (spy)
is a program called Netsupport School. A word to the principal of its dual use may be rewarding.
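
The permission recheck suggested in the replies above can be scripted. The following is an added example, not part of the original thread: it parses the text printed by the `cacls` command and reports broad groups that can modify a logon-script folder. The path `D:\SCRIPTS` and the ACL shown are constructed sample data; the check covers NTFS permissions only, not share permissions.

```python
import re

# Trustees broad enough that an ordinary pupil account falls inside them.
BROAD = {"everyone", "users", "authenticated users", "domain users", "guests"}
# cacls right letters that allow modification: W(rite), C(hange), F(ull).
WRITABLE = {"W", "C", "F"}
# One ACE: trustee, optional inheritance flags such as (OI)(CI), one right letter.
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]{2}\))*)(?P<right>[NRWCF])$")


def parse_cacls(path, output):
    """Return (trustee, right) pairs from `cacls <path>` output for one object."""
    aces = []
    for line in output.splitlines():
        text = line.strip()
        if text.lower().startswith(path.lower()):  # first line carries the path
            text = text[len(path):].strip()
        m = ACE.match(text)
        if m:  # multi-line "special access" entries do not match and are skipped
            aces.append((m.group("who"), m.group("right")))
    return aces


def risky_aces(path, output):
    """ACEs that let a broad group modify the object (e.g. the logon scripts)."""
    return [(who, right) for who, right in parse_cacls(path, output)
            if who.split("\\")[-1].lower() in BROAD and right in WRITABLE]


# Constructed sample: hypothetical folder and ACL, not taken from the thread.
SAMPLE_PATH = r"D:\SCRIPTS"
SAMPLE_OUTPUT = r"""D:\SCRIPTS BUILTIN\Administrators:(OI)(CI)F
           NT AUTHORITY\SYSTEM:(OI)(CI)F
           Everyone:(OI)(CI)C
           NT AUTHORITY\Authenticated Users:(OI)(CI)R
"""

if __name__ == "__main__":
    for who, right in risky_aces(SAMPLE_PATH, SAMPLE_OUTPUT):
        print(f"{SAMPLE_PATH}: {who} has '{right}' - restrict to read-only")
```

Entries reported here are the ones to reduce to read-only so that only administrators can change the logon scripts.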
 
On the same note as the c$ share, I have had a client that had security issues that led back to the Local Administrator password left blank, and terminal services installed. The remote desktop client is a free download from Microsoft, and can then easily be used to remote control the server using the local administrator login. You can install this client on a 9x machine.

As far as locking him down to the 98 PC, not much you are going to be able to do there. You can set some policies in 98, but a lot of them are fairly easily worked around using Help. I once created a policy where no games were allowed and they were removed, but a user kept getting them re-installed on his PC. Come to find out that if you open up the Help, you can re-install the program from there.

I agree with DG659, ban him for a while, or let him use his 98 PC, just don't supply the ethernet cable to the network.
 