October 24th, 2007, 06:42 PM
System installations with non admin account.
I work in a computer lab for my university. The computers have all been set up now to require us students to log on to the domain, using our student IDs. Our birthday is our password by default, but we can have it changed. When we log on to the workstations we have limited accounts, but whatever we download to that workstation will save on that workstation - no deepfreeze.
Whatever changes we make on the system will only affect our account, that's the gist of it.
Someone has managed to do a system wide install, so their files, spyware, etc. are affecting my productivity. Sure I can just change workstations, but I want to know how this works. I'm gonna get back in there and try to see what's going on.
October 24th, 2007, 06:52 PM
OK mate, you don't say which OS but I would guess Win2000 or XP?
So, you will log in to your account and presumably be authenticated by the server? This then lets you use the workstation, which I presume has your user profile on it?
A quick guess is that the attack is coming through the default user profile that loads for anyone logging into the machine?
What happens if you unplug the desktop from the network? Can you still log in as a local user?
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
October 24th, 2007, 11:42 PM
@nihil: Since he is talking about domains, the primary OS that will be used will be either Win2000 or Win XP (leaving aside the integration of Linux in a Windows network). Once again, a system wide install which has some sort of spyware or other virus increases the chances of the OS belonging to the Windows family!
@ngboot: I am not sure how your domain has been set up and how everything works. But keeping it simple, I would say that a system wide change can be made only by an administrator. Now, if the admin had installed (or has allowed) some virus or other spyware, the virus/spyware at the time of installation had full privileges and must have infected as many parts of the OS as it could. Of course the primary target is, as said by nihil, the DEFAULT user profile. You can check the startup settings from the registry from HKU/.default. I think that something must be present there. If it is not, I would request you to kindly tell us what type of disturbances it creates for you. This would help someone zero in on the error.
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein
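
The registry check suggested in the post above, written out as an added example that is not part of the original thread. It assumes PowerShell is available on the workstation and only reads; the set of locations is a common starting list of machine-wide and per-user autostart points, not a complete one.

```powershell
# Added example (not from the thread): read-only listing of autostart entries.
# Keys the current account cannot read are skipped silently.
$runKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    # Key named in the post; this hive is the one loaded for the LocalSystem account.
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
)

$entries = foreach ($key in $runKeys) {
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        New-Object PSObject -Property @{
            Source  = $key -replace '^Registry::', ''
            Name    = $name
            Command = $k.GetValue($name)
        }
    }
}

# Startup folders: anything placed in the all-users folder runs for every logon.
$shell = New-Object -ComObject WScript.Shell
$folders = @(
    $shell.SpecialFolders.Item('AllUsersStartup'),
    $shell.SpecialFolders.Item('Startup')
)
$files = foreach ($dir in $folders) {
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Source = $dir; Name = $_.Name; Command = $_.FullName
                }
            }
    }
}

# One combined table; entries under HKLM or the all-users folder affect every account.
@($entries) + @($files) | Where-Object { $_ } |
    Select-Object Source, Name, Command | Format-Table -AutoSize -Wrap
```

Entries that appear under the machine-wide sources but belong to no software the lab installs are the ones to report to the lab administrator.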