Hacked again...




146 Posts
Location -
Joined 2001-07-13
Morning all.
 
To say the least my DC has been compromised again.
 
I've set up a Windows 2000 Adv. Server with AD and secured it with TCP port filtering along with a tightened policy setup where the user is not even allowed to "right mouse button click" on the domain. But whoever the bugger is, has been able to hack and give the ability to add a workstation to the domain with any user account on the AD. So long as the person is a user on the AD they can join any system to the domain. However, they still do not have access to the AD Users and Computers app to have delegation over my AD. It's most likely I was hacked from a node outside of my segment of network within my company as I do not have a firewall in place yet to protect my segment of network. So far it seems that joining systems to the domain is the extent of the damage. I've checked policy settings and built-in account groups to see if anything had been tampered with (e.g. any users added to any of the Admin groups) and came up with nothing.
 
Can anyone tell me anywhere else I can look to see who has been given delegation or permission to add a workstation to the domain, keeping in mind that I've already checked the default domain policy? And also a solution to prevent the joining of a system from unauthorized user accounts.
 
Thanks in advance either way.

May 7
Created
May 10
Last Response

Responses to this topic



690 Posts
Location -
Joined 2004-05-06
To join a domain you just need 'Account Operator' rights and that should give 'Create Computer Objects' privileges and new objects are created in the Computers container by default.
 
I suggest you turn on Auditing on the Domain Controllers of 'Audit Account Management' in the GPO and then you can see who is hacking your system in the Event Viewer!
 


91 Posts
Location -
Joined 2001-04-19
If the policy has not been changed, by default any Domain User can add up to 10 PCs to the domain.
 
This can be changed through a group policy.
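
Added example, not part of the thread: a read-only PowerShell audit of the places the replies point to, namely the domain-wide `ms-DS-MachineAccountQuota` value (the "10 PCs" default), the `ms-DS-CreatorSID` recorded on computer accounts that ordinary users created, and any "create child object" delegation on the default Computers container. It assumes a domain-joined management workstation with PowerShell 3.0 or later and an account that can read the directory; it uses plain LDAP through `System.DirectoryServices`, so nothing has to be installed on the domain controller.

```powershell
# Added example: read-only audit of who can (and did) join machines to the domain.
# Assumption: run from a domain-joined workstation as a user who can read AD.

$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.defaultNamingContext
$domain   = [ADSI]"LDAP://$domainDn"

# 1. Quota: number of computer accounts a non-admin user may create (default 10).
$quota = $domain.Properties['ms-DS-MachineAccountQuota'].Value
"ms-DS-MachineAccountQuota on $domainDn = $quota"

# 2. Computer accounts created under that quota keep the creator's SID in
#    ms-DS-CreatorSID. Accounts created by administrators leave it empty.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
$searcher.Filter   = '(&(objectCategory=computer)(ms-DS-CreatorSID=*))'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.AddRange(@('name', 'whenCreated', 'ms-DS-CreatorSID'))

$joined = foreach ($result in $searcher.FindAll()) {
    $sidBytes = [byte[]]$result.Properties['ms-ds-creatorsid'][0]
    $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
    # Fall back to the raw SID if the creating account has since been deleted.
    try   { $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $creator = $sid.Value }
    [pscustomobject]@{
        Computer  = [string]$result.Properties['name'][0]
        Created   = $result.Properties['whencreated'][0]
        CreatedBy = $creator
    }
}
$joined | Sort-Object Created | Format-Table -AutoSize

# 3. Delegation: Allow ACEs on CN=Computers that grant CreateChild.
#    ObjectType bf967a86-0de6-11d0-a285-00aa003049e2 is the computer class;
#    an all-zero ObjectType means "any object class".
$createChild = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild
$container   = [ADSI]"LDAP://CN=Computers,$domainDn"
$container.psbase.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.ActiveDirectoryRights -band $createChild) } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited |
    Format-Table -AutoSize
```

The "Add workstations to domain" user right is enforced on the domain controllers, so it is worth reviewing in the policy linked to the Domain Controllers OU as well as the default domain policy.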