more details about admin powers

[bijoy82]

hi
sorry first i mistakenly posted it in network security discussions
I am new to novell.i want 2 know if there is any way one system admin can find out another account with the same admin rights exits in the network in another username. or he can find out when he last login to the system.
& where the password files are saved in the network and with the admin power wheather i can find out the passwords of other useres or admins

[The Duck]

So let me get this straight, you want to know if a admin can find out if there is another admin account on a network? The answer is yes. I guess you also want to know if a admin can get the passwords to another admin account and other user accounts? The answer is once again yes.

[Relyt]

Good Day Bijoy82 and welcome to AO!

I am new to novell.i want 2 know if there is any way one system admin can find out another account with the same admin rights exits in the network in another username. or he can find out when he last login to the system.

The answer to these questions is yes with some explanations of course. You can have multiple administrators and assign them full privileges over all domains. You can have multiple administrators and assign them limited privileges over all domains. You can have multiple administrators and with full privileges only within their own domain. And of course, you can have multiple administrators and with limited privileges within their own domain.

Most likely you would have one GroupWise Administrator with privileges over all domains and other administrators who are each responsible for their own domain.

In essence the limits are only bound by your creativity governed by your needs.

& where the password files are saved in the network and with the admin power wheather i can find out the passwords of other useres or admins

This quote was posted by one of our Senior Members - muert0 - on this thread click http://www.antionline.com/showthread.php?s=&threadid=262641] here: [/URL]

...the password file isn't in the open. All objects and their properties are kept in the bindery files on 2.x and 3.x, and kept in the NDS database in 4.x. An example of an object might be a printer, a group, an individual's account etc. An example of an object's properties might include an account's password or full user name, or a group's member list or full name. The bindery files attributes (or flags) in 2.x and 3.x are Hidden and System, and these files are located on the SYS: volume in the SYSTEM subdirectory. Their names are as follows:

Netware version File Names
--------------- ----------
2.x NET$BIND.SYS, NET$BVAL.SYS
3.x NET$OBJ.SYS, NET$PROP.SYS, NET$VAL.SYS

The NET$BVAL.SYS and NET$VAL.SYS are where the passwords are actually located in 2.x and 3.x respectively.

In Netware 4.x, the files are located in a different location on the SYS: volume. It is a hidden directory called _NETWARE. In this directory are located the NDS files, license files, and a number of other system-related files such as login scripts and auditing files.”

There is a wealth of information at the two links below.

The first link below is a good FAQ Section Click on FAQ

The second is a guide, Click on Guide


Enjoy you time here

cheers.

[|3lack|ce]

Welcome to AO. I did certs in 4.11, then had it all rendered obsolete when 5.0 was released - but - NDS is your friend and will hold all the things you'll need to admin 4.x. From what I saw of 5.0 and ZenWorks on release, they're wonderful compared to the old way of doing things, but NDS is still crucial. Learn it first and best.

A suggestion from the CNI that taught some of my Novell courses when that question (invariably) arose - It is always best to have only 1 full on admin account, and to have that account disassociated from any groups, and to only use it when actually doing the hardcore stuff. You can set up 'sub admin' accounts with increasingly limited powers to accomplish whatever ends you need - IE 1 to just create base user accounts/basic rights, a bit more powerful one to control groups, assign users and edit rights of specific groups, etc. From that point you can assign equivalent rights to the 'low power' accounts to folks who'll need them and know what they're doing ... A project leader who needs to assign specific but varying user rights to his underlings, for example.

Luck to you!

[bijoy82]

Hi guys
Thanks for ur replys.My first doubts are cleared but dont mind now i hav some other doubts ;-)

1)How can they find out the users and admins passwords?
2) Is there any way i can enter into the network undetected using another admins account?
3)Or is there anyway i can cover my tracks after entering and logging out from the system?
4) Is there any way 2 assign rights over other users folders 2 a particular user?

Actually i want to create a admin account without getting detected by the real administrator or i want 2 use his account without his knowledge and i dont want him 2 find me

is there really any way 2 do it

Thanks in advance this time guys

Bijoy

[Relyt]

bijoy82, bijoy82, bijoy82

You have shifted from asking some generalized informational type questions that we eagerly assisted you with, to questions that would definitely imply that you want to carryout some unscrupulous acts.

Is there any way i can enter into the network undetected using another admins account?

3)Or is there anyway i can cover my tracks after entering and logging out from the system?

Actually i want to create a admin account without getting detected by the real administrator or i want 2 use his account without his knowledge and i dont want him 2 find me

Whats up with this?

[|3lack|ce]

We're not going to teach you how to hack Novell. Have a nice day, enjoy the reds.