December 16th, 2005, 08:42 PM
The sad thing about all of this is, I noticed the activity after I had reimaged a lab, so anything that my "arch-enemy" was doing was wiped out. Of course, without the image I might not have noticed in the first place...double-edged sword. It has taught me that I need to be WAY more vigilant though. One other question I have though: if the domain admin account had a profile on a machine, can the password somehow be decrypted out of that profile? I thought I read something about that in the past few days while I have been trying to figure out just how much I don't know...which apparently is quite a bit.
December 16th, 2005, 08:48 PM
It may be possible, with a cracking tool, to ferret out the domain admin passwords. My own policies cleared those from systems on logout, in my previous life. But, I also didn't use those for logins. Use a non-privileged account for login, then runas for the heavy stuff.
Tutorial: Setting Up Promiscuous Mode
Just hadda do that.
1. Saturday Night, Shower and shave.
2. Polish the black Justins.
3. Dust off the Stetson.
4. Dress with nice western shirt, jeans, Justins and Stetson. Skoal in back pocket.
5. Drive to honkey tonk.
6. Enter honkey tonk.
7. Order three shots whiskey at bar and slam 'em down.
8. Order beer for chaser.
9. Turn around and scan the floor.
10. Promiscuous Mode ON!
December 16th, 2005, 08:50 PM
If you set the domain policy such that the clients don't cache passwords then there will be no passwords or their hashes from the domain stored on the client. The authentication will have to take place over the network.
To test for this setting, log in as a domain user that has rights on the local machine. Log out, disconnect the network cable and try logging in as the same domain user. If it comes back telling you the domain can't be found, then the setting is set correctly. If it logs you in to the local machine, then it is not.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
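
The unplug-the-cable test in the post above can be complemented by reading the setting directly. This is an added example, not part of the original thread: it reads the `CachedLogonsCount` registry value, which backs the "Interactive logon: Number of previous logons to cache" policy, on each machine named. It assumes PowerShell remoting is enabled on the targets; the function name and output fields are hypothetical.

```powershell
# Added example: report the cached-logon setting for a set of lab machines.
# Assumption: PowerShell remoting is enabled on every remote target.
function Get-CachedLogonSetting {
    param(
        # Machines to check; defaults to the local machine only.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Runs on each target and returns one result object.
    $check = {
        $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        $prop = Get-ItemProperty -Path $key -Name CachedLogonsCount -ErrorAction SilentlyContinue
        # The value is stored as a string. If it is absent, the OS default
        # applies, and that default permits cached logons.
        $count = if ($null -ne $prop) { [int]$prop.CachedLogonsCount } else { $null }
        [pscustomobject]@{
            Computer          = $env:COMPUTERNAME
            CachedLogonsCount = $count
            ExplicitlySet     = ($null -ne $prop)
            CachingDisabled   = ($count -eq 0)   # $null -eq 0 is $false
            Error             = $null
        }
    }

    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) {
                & $check
            } else {
                # Drop the remoting bookkeeping properties from the result.
                Invoke-Command -ComputerName $name -ScriptBlock $check -ErrorAction Stop |
                    Select-Object Computer, CachedLogonsCount, ExplicitlySet, CachingDisabled, Error
            }
        } catch {
            # Unreachable or access denied: record it instead of stopping the audit.
            [pscustomobject]@{
                Computer          = $name
                CachedLogonsCount = $null
                ExplicitlySet     = $false
                CachingDisabled   = $null
                Error             = $_.Exception.Message
            }
        }
    }
}

Get-CachedLogonSetting | Format-Table -AutoSize
```

A machine with `CachingDisabled` false is one where the offline login test from the post would succeed.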