Re: Running Login Script Problems
From: Oli Restorick [MVP] (oli_at_mvps.org)
Date: 07/03/04
- Next message: Ricardo: "DHCP and WINS"
- Previous message: - - Vivian - - - - - -: "Re: phone in network"
- In reply to: MatthewL: "Re: Running Login Script Problems"
- Next in thread: MatthewL: "Re: Running Login Script Problems"
- Reply: MatthewL: "Re: Running Login Script Problems"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 3 Jul 2004 12:41:14 +0100
Hi Matthew
You will need to place it on all domain controllers, as any domain
controller could be performing the login.
The trojan issue I was referring to is that others may plant some commands
on a workstation to run at login when a domain admin logs in to create
themselves a new domain admin account. It's trivially easy to do and
doesn't require anyone else to be on the network while you're logging in.
It depends on your environment as to whether you think this is a real risk.
If you're running a school or university network, then it's quite possible
that you'd be a victim of this sort of attack.
Oli
"MatthewL" <MatthewL@discussions.microsoft.com> wrote in message
news:BEA74A5B-17B4-4936-94E9-BAAFC8ADEA71@microsoft.com...
> The PDC is the only server that has the script on it. I have not placed
> it on the BDC.
>
> The special account I used is only when I run scripts. It is disabled as
> soon as I am done with the specific task in hand. I only use it when I am
> in the area and not for longer than I need it. I also make sure no one
> else is on the network when I perform these tasks.
>
> Thank you for your response.
> MatthewL
>
> "Oli Restorick [MVP]" wrote:
>
>> Have you replicated the login script to all your DCs' netlogon shares?
>>
>> If the "special account" is a domain admin account, you're asking for
>> someone to place a trojan on one of the PCs to gain domain admin rights.
>>
>> Oli
>>
>>
>>
>> "MatthewL" <MatthewL@discussions.microsoft.com> wrote in message
>> news:55FA0044-997F-47AF-AB36-72B7809BD2B7@microsoft.com...
>> > Our current setup is WINNT Server and 2000 Professional workstations.
>> > We
>> > have one domain on a single broadcast domain. All the computers
>> > include
>> > the same image from a network deployment. Every computer also has the
>> > exact same hardware configuration.
>> >
>> > This specific event will explain my question. I need to run a patch on
>> > all my computers (30) in a lab. On the PDC, I add a special account
>> > with
>> > admin rights and have it run a login script. I try to login all
>> > computers
>> > in the room with this new account and I get the following results: The
>> > first half of the computers login and run the script with no problems.
>> > The remaining computers in the room do not recognize the new account.
>> > After rebooting these computers, they will login but will not run the
>> > script. After rebooting another time, the script still does not run.
>> > All
>> > the computers include the same image from a network deployment. Every
>> > computer also has the exact same hardware configuration.
>> >
>> > I have been dealing with this issue for some time now and need to find
>> > a
>> > resolution to make things easier for me. Please let me know if you
>> > have
>> > seen this or know what needs to be done to change this.
>> >
>> > Thank you for your time.
>> >
>> > MatthewL
>> > Network Coordinator
>>
>>
>>
- Next message: Ricardo: "DHCP and WINS"
- Previous message: - - Vivian - - - - - -: "Re: phone in network"
- In reply to: MatthewL: "Re: Running Login Script Problems"
- Next in thread: MatthewL: "Re: Running Login Script Problems"
- Reply: MatthewL: "Re: Running Login Script Problems"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
