Re: security log + unauthorized lgons?

In news:B35460C1-D206-4CA7-B906-AB6626EAA652@xxxxxxxxxxxxx,
Dan Shallbetter <DanShallbetter@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
The president of the company has the password. The time frame in
which I am concerned about the premise is protect by a monitored
alaram system physical access is not a concern. I am running ISA
2000 is ISA 2004 a free upgrade? Due to the time frame in question I
do not think it's related to physical access.

I read a best practice white paper once about renaming the admin
account. I had a local tech firm in here a few weeks ago the caution
me against that due to other inter-dependencies the admin account
might have i.e. anti-virus, SQL Server, Crystal Reports, Exchange,
etc. Is ther a KB article that outlines change the admin account in
all the requiored spots?

I have had problems in SBS2003 with renamed administrator accounts - don't
bother. Just give it an impossible password, and don't use it for daily
admin tasks at all.



Thanks,

Dan


"Lanwench [MVP - Exchange]" wrote:

In news:ED3ECA80-16FD-49BA-92FC-AE29364DB157@xxxxxxxxxxxxx,
Dan Shallbetter <DanShallbetter@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Hello,

Login to my SBS 2003 SP1 premium server remotely and had an
application open on the desktop that I do not recall opening.

Who else besides you has the (or any) admin access/passwords?
Are you using ISA?
Who has physical access to the server?


The
security log shows users Anonymous logon, and administrator logging
in at various times very early in the AM. Not certain if the admin
account login is due to normal maintenance? Is the Anonymous logon
another default account like guest?

Thanks,

Dan

Anonymous is a built-in thing and could show up for a bajillion
reasons. There are different types of logins, tho - interactive ones
show up differently from network access, etc. I get very confused
with it all, frankly, and it makes my head ache. You could check out
www.eventid.net for help - it's a very useful resource.

Change the admin credentials for any account that has any sort of
admin access. Nobody should really be using Administrator for
anything; it should have a very good password on it indeed. And you
should set up your own account with the group membership you need,
and use that for admin. And log in using a different (limited user)
account for daily use.



.

Relevant Pages

  • RE: Local admin password
    ... How does one propose to deploy a different password to each admin ... account on all computers in the network automatically? ... Subject: Local admin password ... anybody with physical access to one computer and john-the-ripper has ...
    (Focus-Microsoft)
  • Re: Incoming E-Mail - cant create contact in OU
    ... central admin pool different than the web app. ... that account a little (if the web app is compromised or something, ... So I started with giving the app pool account domain admins permissions then ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Security Breach in AD! Help!
    ... > about 5 minutes the user was removed from the built in admin group. ... > changed the default domain policy, the default domain controller policy, ... >> auditing of account logon for success and failure and account management ... >> success and failure in Domain Controller Security Policy. ...
    (microsoft.public.win2000.security)
  • Re: cant verify disk
    ... She went to DU, and when she pressed "verify disk", it asked her user ... Disk Utility has required an administrator name and password for certain ... This is clearly a task which requires admin privileges, ... seriously mucked up with her user account settings in the NetInfo ...
    (comp.sys.mac.system)
  • Re: Wscript within VBA
    ... One box is running VBA code,. ... One box is a domain controller, or has an account trusted to manipulate AD ... >> It posts a form to an ASP page, ... >> Since what you want to do sounds like it will require admin privileges, ...
    (microsoft.public.vb.database)