Re: Locked out of SBS 03

From: Jeff L (newsgroupsremoveandunderscore_jeff_at_availabletech.net)
Date: 05/26/04


Date: Wed, 26 May 2004 10:20:14 -0400

Thanks Susan,

I still want to slow down the attack. There is Linux-based proxy technology
that will allow me to access the server from another workstation connected
to the network and use the workstation's resources as though they were
connected to the motherboard of the server... but I am not going to get into
that.

I will put some more research into the topic. Thanks for your time and
advice.

Jeff Loucks
       Available Technology ®
            Solutions For Professionals ®
                  www.availabletechnology.com

"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:uoN2EdrQEHA.1620@TK2MSFTNGP12.phx.gbl...
> But that's it.... we can do it BECAUSE we have physical access. We
> can't do it remotely.
>
> You cannot on any server/workstation as long as you have physical access.
>
> THAT is the key. Restrict access. THAT is the cut off.
>
> Law number 3. Can't remove law number 3.
>
> Like I said, you are getting tripped up in thinking it's an issue. It's
> not. Basic security means you restrict access. I have a keylock on my
> floppy drive to my server.
>
>
>
> The Ten Immutable Laws of Security
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/10imlaws.asp
>
> Law #1: If a bad guy can persuade you to run his program on your
> computer, it's not your computer anymore.
> Law #2: If a bad guy can alter the operating system on your computer,
> it's not your computer anymore.
> Law #3: If a bad guy has unrestricted physical access to your
> computer, it's not your computer anymore.
> Law #4: If you allow a bad guy to upload programs to your web site,
> it's not your web site any more.
> Law #5: Weak passwords trump strong security.
> Law #6: A machine is only as secure as the administrator is trustworthy.
> Law #7: Encrypted data is only as secure as the decryption key.
> Law #8: An out of date virus scanner is only marginally better than no
> virus scanner at all.
> Law #9: Absolute anonymity isn't practical, in real life or on the web.
> Law #10: Technology is not a panacea.
>
>
>
> Jeff L wrote:
> > Mike,
> >
> > I am glad you know how to jumper the bios as well. Still looking for some
> > advice that would stop this functionality for admin password reset. I don't
> > need advice on physical security. Never once said it was an issue.
> >
> > Physical security can be compromised. The admin password reset is a huge
> > hole. There has to be a way to wrap a .dll or something so that this can be
> > cut off.
> >
> > Here is the question: How do you cut off access to Admin Password Reset
> > tools?
> > Maybe I should repost it.
> >
> > Regards,
> > Jeff Loucks
> > Available Technology ®
> > Solutions For Professionals ®
> > www.availabletechnology.com
> >
> >
> > "Mike R" <research@rollesolutions.com> wrote in message
> > news:OmqKS9mQEHA.3300@TK2MSFTNGP09.phx.gbl...
> >
> >>Hey Jeff,
> >>
> >>I don't think you could do it if you wanted to (remove access to admin pass
> >>reset). The tools that I use are created for people that have a real
> >>problem, they have inadvertently locked themselves out of their server. You
> >>use it by starting setup (for whatever OS it is) and hitting F6 when it asks
> >>if you need to load additional drivers. Once that is done it pops right into
> >>a screen that allows the administrator password to be reset.
> >>As many have already mentioned, you shouldn't have to worry about this if
> >>physical access is not possible by anyone other than yourself and those you
> >>trust (and have a reason to have access).
> >>Your bios password does absolutely nothing for you as it can be reset in a
> >>matter of seconds by simply swapping a jumper on the motherboard for a few
> >>seconds.
> >>Best of luck to you...
> >>
> >>
> >>"Jeff L" <newsgroupsremoveandunderscore_jeff@availabletech.net> wrote in
> >>message news:%23g0u4bmQEHA.2572@TK2MSFTNGP12.phx.gbl...
> >>
> >>>Thanks Susan,
> >>>
> >>>I am on top of the physical security issue but my question was not about
> >>>physical security. I am aware of removing drives and gaining access to the
> >>>data. We can and have protected against that.
> >>>
> >>>We have also changed the bios to password protected and removed the
> >>>removable media drives from the boot order.
> >>>
> >>>I could get past all of that so how do I remove access to admin password
> >>>reset? Anyone know how to do that?
> >>>
> >>>Feel free to contact me directly if you do not want to post it.
> >>>
> >>>Regards,
> >>>Jeff Loucks
> >>> Available Technology ®
> >>> Solutions For Professionals ®
> >>> www.availabletechnology.com
> >>>
> >>>
> >>>"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
> >>>wrote in message news:##kXjNmQEHA.568@TK2MSFTNGP12.phx.gbl...
> >>>
> >>>>Any operating system is vulnerable to physical access. Microsoft didn't
> >>>>put it there. I can do likewise with any operating system. If I can
> >>>>physically remove a harddrive and the data is not encrypted, I can get
> >>>>to that data. Simple as that. If I have access to that drive, it's mine.
> >>>>
> >>>>Put a lock on the door of the computer room.
> >>>>A lock on the floppy drive.
> >>>>
> >>>>This isn't a trick. When WinXP could be "hacked" by using a Win2k cdrom
> >>>>and booting from that and oh horrors you could reset the admin password
> >>>>in that manner, the security community went... ho hum... yeah? So? Call
> >>>>me with a real security issue. One that can be hacked remotely.
> >>>>
> >>>>Physical security dude. Basic rules of security is restrict physical
> >>>>access.
> >>>>
> >>>>Jeff L wrote:
> >>>>
> >>>>>I would prefer to see that backdoor closed.
> >>>>>
> >>>>>I used to have a tech that worked for me that knew all those tricks, I had
> >>>>>forgotten about them. My bad... I would prefer there not be a backdoor and
> >>>>>those who make mistakes have to do more work than those who plan.
> >>>>>
> >>>>>I agree with the physical security thing but I don't like Microsoft leaving
> >>>>>a backdoor open.
> >>>>>
> >>>>>Anyone know how this works, what the source of the change is? Is there a way
> >>>>>to protect against it?
> >>>>>
> >>>>>Thanks,
> >>>>>Jeff
> >>>>>
> >>>>>"Jeff L" <newsgroupsremoveandunderscore_jeff@availabletech.net> wrote in
> >>>>>message news:#hSTysdQEHA.2452@TK2MSFTNGP11.phx.gbl...
> >>>>>
> >>>>>
> >>>>>>I am very unhappy to see that!
> >>>>>>
> >>>>>>How do I protect against this type of hack!
> >>>>>>
> >>>>>>"Mike R" <research@rollesolutions.com> wrote in message
> >>>>>>news:O#uEMWdQEHA.3744@TK2MSFTNGP10.phx.gbl...
> >>>>>>
> >>>>>>
> >>>>>>>go to www.lostpassword.com and get passware kit. It's expensive but allows
> >>>>>>>you to reset the admin password. Keep it in a safe place so other users
> >>>>>>>can't get to it.
> >>>>>>>
> >>>>>>>
> >>>>>>>"John L" <anonymous@discussions.microsoft.com> wrote in message
> >>>>>>>news:A1BD6AFB-4189-494E-8B28-CA7F24CA0ABF@microsoft.com...
> >>>>>>>
> >>>>>>>
> >>>>>>>>I got a new SBS 2003 server, while doing the initial setup I set an Admin
> >>>>>>>>password, setup my TCP/ip and restarted. After restarting the server, it is
> >>>>>>>>not taking the Admin password and is not letting me in. Is there any way I
> >>>>>>>>can reset the password or get in?
> >>>>>>>>
> >>>>>>>>I have tried all my domain admin accounts and the administrator account
> >>>>>>>>itself, but it's just not letting me in.
> >>>>>>>
> >>>>>>>
> >>>>>>>>Please Help.
> >>>>>>>>John L
> >>>>>>>
> >>>>>>>
> >>>>>
> >>>>--
> >>>>http://www.sbslinks.com/really.htm
> >>>
> >>>
> >>
> >
> >
>
> --
> http://www.sbslinks.com/really.htm
>


