Non-domain joined PC can connect to domain controller via smb; view, edit & delete items in sysvol

  • Monday, 12 March 2012 15:45

    I was testing to see what information a third party laptop would be able to view.  It shocked me that I was able to connect to our three domain controllers, go into sysvol and have full access to modify any items.  I checked the security permissions on sysvol on our three domain controllers, and it is really locked down... authenticated users have read only, there is no "everyone" group, only administrators have full control.  I opened up the Share and Storage Management MMC, and for sharing, the users have Read only for "Everyone" in SYSVOL.  All of the other shares that we use for the organization are not able to be opened, which would be a real crisis, but for now I am worried some nefarious person could come in and mess with the group policies or scripts.

    I tried connecting to all of our other non-dc servers, and it would prompt for a password before even connecting.

    I was testing this from a workstation running Windows 7 Professional SP1.  Our servers are running Server 2008 R2 Standard SP1.  Two are running core edition.


    • Edited by daedalus7 Monday, 12 March 2012 15:47

All replies

  • Monday, 12 March 2012 16:17
     Answered

    Then it must mean you have some user name and password stored on the workstation that is used automatically against the DCs. Such as something like "administrator" and "password" that is the same as on the DCs.

    Enable logon auditing for the affected servers and investigate which user account is actually used from the client workstation.

    ondrej.
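The check the reply describes, written out as an added PowerShell example (this is not code from the original thread or from either poster). It assumes you are a local administrator on the test workstation and a Domain Admin on the DC; `$ClientIp` is a placeholder for the non-domain laptop's address. The first part runs on the workstation and lists the credentials it will hand out without prompting; the rest runs on a domain controller and pulls the 4624 logon events for that client so you can see which account and authentication package the SMB connection actually used.

```powershell
# Added example, not from the original thread. Run step 1 on the test
# workstation and steps 2-3 on a domain controller. Assumes local admin on the
# workstation and Domain Admin on the DC; $ClientIp is a placeholder.

# --- 1. On the test workstation: which credentials are sent automatically? ---
# Credential Manager entries (stored user names and passwords) are reused
# without prompting for any matching target.
cmdkey /list
# Connections this machine already holds; a live session to a DC means some
# credential was accepted without a prompt.
net use

# --- 2. On each DC: make sure successful and failed logons are audited. ---
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# --- 3. On a DC: which account did the client actually log on as? ---
$ClientIp = '192.0.2.50'                 # placeholder: the non-domain laptop's IP
$since    = (Get-Date).AddHours(-1)

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } |
    ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        New-Object PSObject -Property @{
            Time        = $_.TimeCreated
            User        = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
            LogonType   = $d['LogonType']                # 3 = network logon (SMB)
            AuthPackage = $d['AuthenticationPackageName']
            Workstation = $d['WorkstationName']
            SourceIp    = $d['IpAddress']
        }
    } |
    Where-Object { $_.SourceIp -eq $ClientIp -and $_.LogonType -eq '3' } |
    Select-Object Time, User, LogonType, AuthPackage, Workstation, SourceIp |
    Format-Table -AutoSize
```

A row whose User is a real account (for example the built-in Administrator) with AuthPackage NTLM, coming from the laptop's name and IP, confirms the diagnosis in the reply: the workstation holds, or is logged on with, a user name and password that also exist on the DC, so the server accepts them silently. A row showing ANONYMOUS LOGON would instead point at a null session, which is a different problem. `New-Object PSObject` is used rather than `[pscustomobject]` so the script also runs under the PowerShell 2.0 that ships with Server 2008 R2.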

  • Monday, 12 March 2012 20:14
    Thanks, that was it.  I got another workstation to test and it didn't let me in.