Re: Server issues



"LRM" <Fskspam@xxxxxxxxxxxxx> wrote in message news:#J$qRLQIIHA.5360@xxxxxxxxxxxxxxxxxxxx:

"Michael D. Alligood [CertGuard, Inc.]" <mdalligood@xxxxxxxxxxxxx> wrote in
message news:OmbKgzMIIHA.588@xxxxxxxxxxxxxxxxxxxxxxx
> "Consultant" <consultant_mcngp@xxxxxxxxx> wrote in message
> news:uhUiP1KIIHA.4584@xxxxxxxxxxxxxxxxxxxx:
>
>> Who else has admin permissions to your server? Are there any new admin
>> accounts on it?
>>
>> "Michael D. Alligood [CertGuard, Inc.]" <mdalligood@xxxxxxxxxxxxx> wrote
>> in
>> message news:%23XbGF$$HIHA.4880@xxxxxxxxxxxxxxxxxxxxxxx
>> > Today, my client's Windows 2000 Server freaked out. 3 weeks ago, I
>> > added 4
>> > new user accounts with roaming profiles and mapped drives to user
>> > folders
>> > on the server. All user data (My Documents) was stored on the server in
>> > their user folders. Today, those 4 accounts and their respective folders
>> > disappeared from the server. No trace of evidence was in the Event
>> > Viewer.
>> > Nothing.
>> >
>> > On top of that, I could not log on to any domain account from any of
>> > the
>> > computers. The error message stated that the computer account for this
>> > primary domain was missing. So I logged in locally and rejoined the
>> > computers to the domain.
>> >
>> > Any idea what in the world happened -- especially to the 4 new
>> > accounts,
>> > their profiles and folders?
>> >
>> > --
>> > Michael D. Alligood, MCITP, MCTS, MCSA, MCDST
>> > The I.T. Classroom - http://www.theitclassroom.com/
>> > CertGuard, Inc. - http://www.certguard.com/
>> > Microsoft Exam Security Newsgroup -
>> > microsoft.public.certification.exam.security
>> >
>> >
>
> One admin account. 2 people know it (including myself). No new admin
> accounts. To be honest, and if it were possible, it looks like someone did
> a Windows XP System Restore to an earlier date! It started Saturday around
> 3pm. Noticeable on Monday when everyone tried to log in. When I got that
> fixed by rejoining all the computers back to the domain, I noticed the 4
> newest accounts (about 3 weeks old) were completely gone --
> along with their profiles. Today I noticed the mirror failed. So I
> imported the "foreign disk" and reactivated the mirror. I really think it
> is time for another server, but just want to understand what exactly
> happened.
>
In your situation you have too many variables to permit a logically derived
answer from any forum. You would need to fully disclose all events, get some
scalding water and the other admin in the room as well. In your situation,
you could have an admin gone bad, as well as a mirrored set that didn't
function properly, along with someone let loose on the network with a ghost
image. You do not have control of your client and need to get control fast
or drop them altogether. You cannot manage a network without having
security in place, the first being no one will touch the network without an
independent login. Dude, seriously what are you doing there?

It's not as bad as that. And the setup is quite simple. The only thing this server is for is authentication, and file and print sharing. The clients do not touch the server. The only other person that knows the admin password only knows it for fault tolerance (meaning if I cannot be reached). There is nothing that indicates this behavior in the event viewer.

The clients themselves are not the issue. But I totally agree with you concerning the situation. If I did not trust them, or they did not adhere to my networking rules, I would not have them as clients. I am not in the business of babysitting.

There is just not enough evidence (really none at all) to figure out what happened. I was wondering if anyone had come across this before. I researched it on the Internet and found that my first issue of not being able to access the domain from client computers was solved by logging in locally and rejoining them again. This was the fix, but nothing stated why it happened in the first place. As for the user accounts disappearing along with profiles and home directories, I have come across nothing.

--
Michael D. Alligood, MCITP, MCTS, MCSA, MCDST
The I.T. Classroom - http://www.theitclassroom.com/
CertGuard, Inc. - http://www.certguard.com/
Microsoft Exam Security Newsgroup - microsoft.public.certification.exam.security

