
Thread: Users exceeding permissions -- How do you find 'em?

  1. #11
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Angelic: Can I just clear one thing up?

    Is this Term server accessible from the public network or is it an internal only "thing"?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  2. #12
    Everyone on the LAN has access to the terminal server. Most employee work is done on the terminal server as opposed to on their local machines. Those who connect from home, outside the LAN, also have the ISP of the terminal server so they may do so.

    No one but employees have access though.

  3. #13
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I meant do you have access to change domain level security in active directory, more like are you using active directory? I will assume so:

    Ok let's see how my memory is. In active directory users and computers right click domain controllers and select properties then go to Group Policy. Edit the default domain policy listed since you probably haven't customized any.
    Drill down to windows settings/security settings/event log and set the attributes you want.

    While you are there you can see all kinds of settings to be played with on other objects. Just be careful you don't lock things out and make a handwritten log of every change you make. Peace.

    //edit Well my memory sucks, don't drill into the event log, go above it to /Local Policies and play with the audit policy. If those are all turned on you should see something in the security log. It won't log application installs I don't think, perhaps someone else can comment. Unless it's to a protected directory. It should audit privileged changes to the registry though? Not sure. This is a reason also to never allow admins to share common credentials. Like having all admins use "administrator" it should be removed or changed to something protected. Etc.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.
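
An added example, not part of any post in this thread: once the audit policy described above covers logon events and process tracking, installer launches can be tied back to the account and logon session that ran them. The CSV layout, account names, paths and addresses below are constructed for illustration; 592 and 528 are the Windows 2000/2003 process-creation and logon event IDs (4688 and 4624 on later versions).

```python
import csv, io, re

# Constructed sample: a Security log exported to CSV. The column names are an
# assumption of this example, not a fixed Windows export format.
SAMPLE = """time,event_id,user,logon_id,logon_type,source,image
2004-03-02 08:01:10,528,CORP\\itadmin,0x1A2B,2,,
2004-03-02 08:05:44,592,CORP\\itadmin,0x1A2B,,,C:\\WINDOWS\\system32\\msiexec.exe
2004-03-02 12:04:31,528,CORP\\jdoe,0x3C4D,10,10.0.0.57,
2004-03-02 12:06:02,592,CORP\\jdoe,0x3C4D,,,C:\\WINDOWS\\system32\\notepad.exe
2004-03-02 12:11:47,592,CORP\\jdoe,0x3C4D,,,D:\\Temp\\PSE\\Setup.exe
"""

LOGON_IDS = {"528", "4624"}    # successful logon
PROCESS_IDS = {"592", "4688"}  # process creation (needs process tracking audited)
INSTALLER = re.compile(r"(?:^|\\)(?:setup|install\w*|msiexec)\.exe$", re.I)

def find_installs(log_text, approved_admins):
    """Return installer launches by accounts outside approved_admins,
    each joined by Logon ID to the logon session it ran in."""
    approved = {a.lower() for a in approved_admins}
    sessions, findings = {}, []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event_id"] in LOGON_IDS:
            sessions[row["logon_id"]] = row
        elif row["event_id"] in PROCESS_IDS and INSTALLER.search(row["image"]):
            if row["user"].lower() in approved:
                continue
            logon = sessions.get(row["logon_id"], {})
            findings.append({
                "time": row["time"],
                "user": row["user"],
                "image": row["image"],
                # Logon type 10 is RemoteInteractive (Terminal Services), 2 is console
                "logon_type": logon.get("logon_type", "unknown"),
                "source": logon.get("source") or "unknown",
            })
    return findings

if __name__ == "__main__":
    for finding in find_installs(SAMPLE, {"CORP\\itadmin"}):
        print(finding)
```

Matching on the image name only catches conventionally named installers, so treat a hit as a starting point for review rather than proof of an install.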

  4. #14
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    "No one but employees have access though"
    I never like seeing sweeping statements like that in this field......

    Are you saying that because all your users are using the same ISP the TS is not available from outside the ISP, (ie. they have port 3389 blocked at their firewall inbound)? Have you ever tried to get to the TS from somewhere else in the world?

    I understand your point about your users not being the sharpest knives in the drawer but never underestimate them either, (one of them got Photoshop on your TS... ). With TS you have to allow them to login through TS in their AD account. This means that if they can get to the TS from anywhere then they can log in. So actually, a user who you don't have set up to log in from home but does have access to the TS server internally also has access from home if they use WINXP and know the address.....

    That aside though, from the timing of it it looks like a user messing around on their lunch break. If no installation is required as SirDice said then there wasn't much you could do to stop it other than making policies about which programs can be run on the box and block all others but that is very restrictive and can be very time consuming if you install something like office because it relies on so many things to run and it takes you weeks to track them all down.

    Get a proper audit policy going is the best advice I can give at this point. Since there was no harm done I would put it down to experience and write an acceptable use policy that includes a part that says no-one can install any software on any machine without the prior permission of the MIS.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #15
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Just an off the wall comment...

    Is physical access to the server easy?

    Could it have been left logged in?

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  6. #16
    newest terminal server.
    This is a really, really really stupid question.

    Did photoshop elements come with the new box?

    Just curious...

  7. #17
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Another question: Do you know what version of Photoshop was installed? Maybe a cracked copy that doesn't edit the registry? (And therefore bypasses permissions)
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  8. #18
    Tiger -- I don't know of any way to access the TS without using the ISP if trying to connect from outside the LAN. The TS can indeed be accessed from other locations (for example, our CEO is currently using it from the Virgin Islands). Definitely agree with your point about not underestimating users too. No worse enemy than complacency.

    Steve -- The server room is upstairs and, unfortunately, is in between offices, so there's quite a bit of traffic through it (note: I didn't set it up this way!). However, no server is ever left logged on and unattended to. The only way this could have been pulled off yesterday would have been for someone to whisk in and do a mad fast installation while I had stepped away for a couple of minutes to tend to a copier problem. I don't think a Photoshop installation could be done that quickly though.

    Soda -- Photoshop indeed did not come with the box. No question's stupid though. Even the best of us miss the obvious from time to time, especially me!

    Jarrod -- I have no idea. The boss uninstalled it soon as he found it, so I have nothing to look at.

  9. #19
    Well, I looked through all the accounts in AD, and everything looks as it should be.

    I also tested out normal user permissions by logging on as another normal user...I couldn't install anything...hmm, I think I'm stumped.

  10. #20
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    No Angelic~

    maybe the HR manager
    Kill "human remains"......the ultimate scapegoats, no-one will ever hate you for it

    Your boss acted a bit prematurely, I would say?....have a talk if you want to "catch" them in future......hell we are talking about an app, not malware?

    good luck
