Re: admin rights from computer outside of domain

Bill <Bill@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
no - I promise.

yes, the local login name is administrator - but the password is
completely different. and the local pc isn't joined to the domain.


Joined to the domain doesn't matter. The password does, though. On the
workstation, have you *ever* been asked to provide credentials for that
share? Type net use * /del. Then change the local admin password on the
server, reboot the workstation just for fun, and try again.


"Lanwench [MVP - Exchange]" wrote:

Bill <Bill@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
correction - this file server is NOT a domain controller, but simply
is a member of our only domain.....if that makes any difference

thanks-
Bill

Then are you absolutely certain it doesn't match the server's local
admin credentials? There's just no way this can happen without it
matching something. I promise.

"Bill" wrote:

yeah, that's what stumps me, there is no logical way for this to
happen.

the administrative shares can't be modified any way that I know
of.....do you know of a way to modify an adminstrative share? and
its not happening just on the D$ share, but also C$ and E$.....



"Lanwench [MVP - Exchange]" wrote:

Bill <Bill@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Here is an interesting and disturbing problem:

I set up a local pc with xp sp2, logged in as local administrator
with local password. The pc was not yet joined to my domain, but
was connected to our ehternet lan. I went into File manger, and
typed in \\file-server\d$ (our domain controller) it gave me FULL
ADMINISTRATIVE FILE RIGHTS to the file server on XYZ domain.
The pc was not joined to the domain, it was only in the default
workgroup (brand new pc, first time I logged in) The local
administrator password was not the same as my Domain
Administrator password. It did not ask me to log onto the
domain, absolutely no connection, other than they were on the
same ethernet network.

Can anyone shed some light on this for me?

thanks Bill

This sounds very interesting indeed - and not possible in any way
I can think of, unless the security ojn your admin share has been
modified to permit EVERYONE or anonymous access (check it out).
Otherwise, the only way your scenario could possibly occur is if
the username and password on the local computer match your domain
admin credentials. There's simply no way for it to happen
otherwise.



.

Relevant Pages

  • Re: admin rights from computer outside of domain
    ... Bill wrote: ... Then are you absolutely certain it doesn't match the server's local admin ... administrator password was not the same as my Domain Administrator ... connection, other than they were on the same ethernet network. ...
    (microsoft.public.windows.server.networking)
  • Re: Remote login
    ... > successfully get admin credentials and push the software. ... the name for the admin account shows: LAN Administrator. ... Microsoft MVP Scripting and WMI, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: admin rights from computer outside of domain
    ... Then are you absolutely certain it doesn't match the server's local admin ... I set up a local pc with xp sp2, logged in as local administrator ... connection, other than they were on the same ethernet network. ... admin credentials. ...
    (microsoft.public.windows.server.networking)
  • Re: Defraging as a power user
    ... It can't be done on W2K with the built in defrag without the user being an ... administrator or using admin credentials. ... --- Steve ...
    (microsoft.public.win2000.security)
  • Re: Will they ever learn?
    ... Energy Refund Program For Low Income Consumers: ... Administrator of the Environmental Protection Agency, ... they didnt bother to read the bill and yet, you, yourself have not read ...
    (rec.gambling.poker)