none
Did we find a security loophole or is this as designed? RRS feed

  • Question

  • Many WIn7 PCs on an Enterprise Domain.  All PCs have the Administrator account enabled with the same password on each PC.  There is NO Administrator "user" on the domain.

    Log into a PC as Local Administrator.  Browse to another PC, within the Domain, using Windows Explorer - \\computername\c$.

    As local Admin of PCx, I am not challenged for credentials to access PCz.  When I browse, using c$, I can immediately browse the other PCs files, including each different user's documents.

    We realize this may be because of the same user name on both PCs with the same password.  We change the Local Admin's password on one PC and then attempt to browse and we are challenged for credentials.  As a test we created a user "xyz" (put in Admin group) on both PCs with the same password, and we are challenged.

    The senerio with the same username and password makes sense from a logical viewpoint, but it doesn't make sense from a security viewpoint.  The Local Administrator is the Admin for that PC (by computername) and should not actually be the Admin for another PC (by computername).  We view this as a serious security issue.

    Anyone know of a way to force credential requirements by way of policy, patch, registry entry, or other work-around?

    Thanks for any replies and insight..!

    Wednesday, July 31, 2013 6:19 PM

Answers

  • Hi,

    First, please know that to use the UNC path to access C drive which is the system drive on the other computer, we have to be the administrator of the computer we try to access. Since the “xyz” account you created wasn’t in the admin group, to challenge the authentication for admin privilege is definitely right. Also, I have also tested as the first scenario with same admin account and password which you mentioned, and resulted the same.

    Both UNC access and Windows log on use the SLA authentication. The LSA handles user logon and authentication on the local computer, and if the authentication package processing the logon request supports pass-through authentication, the LSA can also log users on to other computers on the network. So, using the same administrator account with same password will bypass the authentication in UNC.

    For detailed information on LSA, please refer to following link:

    LSA Authentication

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa378326(v=vs.85).aspx

    Hope these could be helpful and keep post.


    Best Regards, StarSprite

    Thursday, August 1, 2013 9:25 AM