Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

XP Network security query

Status
Not open for further replies.
Darrylles

Darrylles

Programmer
Feb 7, 2002
1,758
0
0
GB
When setting up XP machines on our network, we set up
local Administrator accounts. This restricts all changes to the machine except by using the local Administrator login.

How then, can XP allow the NETWORK Administrator login (with the NETWORK admin. password) the same privilages locally?

i.e: Local user login: administrator
Password : (NETWORK administrator password)
Domain : Network domain

Full LOCAL machine XP priveleges are then available.

This implies that the username 'ADMINISTRATOR' in conjunction with the domain name are the keys to admin access rights, the password then seems irrelevant from a local machine perspective.

If I log in with MY username - (with full network Administrator privileges) - I have NO local machine user rights, in fact, I can't log in.

It seems to me that if I nick a PC with XP on it from a company, and manage to find out the domain name used by that company, then I need only set up a small network with that domain name - and then I can fully access that XP machine.

Anyone out there who is aware of this or even understands it and can give me a definitive explanation?

Any help much appreciated - it's doing my head in in thinking of a logical reason for it.

Kind Regards,

Darrylle

"Never argue with an idiot, he'll bring you down to his level - then beat you with experience." darrylles@totalise.co.uk
 
Sort by date Sort by votes
Domain controllers do not allow users to logon locally to the computer. Users actually logon to the domain. Workstations and servers have their own accounts database, thus users can be granted permission to logon locally, as well as the domain.
 
Upvote 0 Downvote
You are assuming that the Name alone: Domain and username, are the controlling security principles. They are not.

If you tried this, it would not work as the registered SID and Security Principles would not match.

But at a simpler level there is some truth to what you are saying. If I nicked a workstation it would take about two minutes to change the Administrator's password and have access to the machine. The physical security of the workstation is very important. Funamentally your protection is a large and angry dog.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
94
pjw001
pjw001
keithinoz
  • Locked
  • Question
clean up network locations 1
Replies
3
Views
55
Beilstwh
Beilstwh
DrB0b
  • Locked
  • Question
Issues prioritizing network connections
Replies
2
Views
52
gbaughma
gbaughma
jlh1
  • Locked
  • Question
Baseline Security Analyzer
Replies
1
Views
39
DaveSolan
DaveSolan
terrytype
  • Locked
  • Question
Windows XP-Prof validation code.
Replies
10
Views
105
terrytype
terrytype

Part and Inventory Search

Sponsor

Back
Top