Microsoft NT Network Administrators (Domain and Local) (1 Viewer)

[MarkHastings]

I know this is going to be a loaded question, but hopefully someone can answer it simply enough.

At work we had this guy (Jim) who set up our network. Jim quit about a year ago and his co-worker (Stacey) took over the job. Now Jim left on VERY bad terms and wouldn't give out his admin password. Stacey (who is now in charge of the network) isn't 100% knowledgeable in networks and she usually asks me for advice (since I am more knowledgeable than most others in the company in computers).

Here's where things start to get crazy. We have this moron engineer (Paul) who thought he was being smart and deleted Jims profile (his regular profile and not the admin profile). In the meantime, Stacey changed Jims admin password.

Now my boss is worried about security and called Jim and demanded his admin password. Jim gave it to my boss and we (Stacey and I) tried it out but it doesn't work.

I'm assuming because Stacey changed Jims password is why it doesn't work. I'm assuming we are safe now that the password is changed?

The question is:

Since Jim set up the network systems, is there a Super-User name and password that we should be looking for? I know there is an admin to the network, but isn't there also an admin password to the computer? Or are they the same?

Also, when we try to log into the network system, we only get the two network domains as an option...should we be able to log into the computer itself?

Hopefully these questions and answers don't get too complicated. I'm not very familiar in networks and I'm trying to see if I can get some answers on my own to help Stacey out.

We just want to be certain that we've covered our bases and blocked any open doors that Jim could get in through.

 

[Shayne Lebrun]

What you'd want to do is take a look at the Administrators, Domain Administrators and Enterprise Administrators groups in the domain. Depending on your setup and versions, you'll have 1 or all of those. Generally, the most important one, however, is the Domain Administrators.

Note every user who is a part of that group. All of those users are 'super-users' across the network. These are the accounts that you need to do something about.

 

[Kimmo Jaskari]

Also, those two domains you have; one is probably the computer itself. You usually have a local "domain" with a separate Administrator account on each computer. Once that computer is joined to a network domain, the domain administrator can then administer the computer as well.

The accounts are usually named just that, Administrator, but you can, as Shayne points out, give full admin priviledges to any account you like.

 

[MarkHastings]

give full admin privileges to any account you like.

I'm fine with the permissions we currently have set up. The big issue here is, this Jim recently got into a big argument with our engineer and we want to be certain that we have blocked every doorway into our system so that he doesn't try to take out his vengeance. We've deleted his regular user account, we've changed his admin password and taken all privileges off of it as well.

I just want to be certain that there is no "Super-User" account that we don't know about. I always thought there was an Admin to the computer itself that was different than the Admin to the network. Or are they basically the same?

Am I safe to assume that now that we've taken Jims privileges away and given them to the new IT person (Stacey), that Stacey is now in full control of the network?

 

[Andrew JC]

Mark, If I was in your situation I would change all passwords for all users just to make sure. If are talking about Windows NT 4.0 server that would most definitely be the thing to do. If you’re former admin made an ERD and left with it. Your passwords can be easily be cracked within minutes. Also a complete virus scan should be done. This should able to detect if any Trojans, Worms, or other malicious code is on the system. As long as your virus definitions are up to date. Good luck…….andy

 

[MarkHastings]

I've rechanged my admin password and any new IT admins have been added after the former admin left, so I think we're ok, but I'll relay the info to the new IT admin.

What do you mean by ERD? Emergency Repair Disc?


p.s. Yes, it is Windows NT 4.0 Networking

 

[Andrew JC]

Mark, Yes you are right about the ERD. At the command prompt if you type rdisk /s the s is for security. With this disk the passwords can be broken. Trust me I know .
take care...andy

 

[Roy C.]

Does he have unlimited access to the whole company, servers, workstaiton, etc? This to me would be the biggest concern. Not just with a password but can he wipe out data?

The ERD only works if you try to restore any SAM stuff on the exact server it was created on. In other words, you can not take one ERD and restore in onto another server. Also, since it sounds like yours is a small company, you might want to go and do a mass password change (pick all users and check box, must change password) because you can't know which ones he might remember or wrote down. Further, look at all the administrator groups and check for membership to make sure only the ones you want/need are included. By administrators, I mean, Domain, Local, Server, Backup, etc. in advanced rights...

Good luck.

Roy C.

 

[MarkHastings]

This guy no longer works at the company (i.e. He physically can't get on the servers). The big issue was he was using his email account to use our server for his web site. When my boss found out that he was FTPing into our server he flipped out. We deleted his account (email) so he can't use it to get in anymore, we just want to be certain we've got our buts covered. We don't want him getting into the server through some other name and password.