Microsoft NT Network Administrators (Domain and Local)

Discussion in 'Computers' started by MarkHastings, Jun 26, 2003.

  1. MarkHastings

    I know this is going to be a loaded question, but hopefully someone can answer it simply enough.

    At work we had this guy (Jim) who set up our network. Jim quit about a year ago and his co-worker (Stacey) took over the job. Now Jim left on VERY bad terms and wouldn't give out his admin password. Stacey (who is now in charge of the network) isn't 100% knowledgeable in networks and she usually asks me for advice (since I am more knowledgeable than most others in the company in computers).

    Here's where things start to get crazy. We have this moron engineer (Paul) who thought he was being smart and deleted Jim's profile (his regular profile and not the admin profile). In the meantime, Stacey changed Jim's admin password.

    Now my boss is worried about security and called Jim and demanded his admin password. Jim gave it to my boss and we (Stacey and I) tried it out but it doesn't work.

    I'm assuming because Stacey changed Jim's password is why it doesn't work. I'm assuming we are safe now that the password is changed?

    The question is:

    Since Jim set up the network systems, is there a Super-User name and password that we should be looking for? I know there is an admin to the network, but isn't there also an admin password to the computer? Or are they the same?

    Also, when we try to log into the network system, we only get the two network domains as an option...should we be able to log into the computer itself?

    Hopefully these questions and answers don't get too complicated. I'm not very familiar in networks and I'm trying to see if I can get some answers on my own to help Stacey out.

    We just want to be certain that we've covered our bases and blocked any open doors that Jim could get in through.
     
  2. Shayne Lebrun

    What you'd want to do is take a look at the Administrators, Domain Administrators and Enterprise Administrators groups in the domain. Depending on your setup and versions, you'll have 1 or all of those. Generally, the most important one, however, is the Domain Administrators.

    Note every user who is a part of that group. All of those users are 'super-users' across the network. These are the accounts that you need to do something about.
     
  3. Kimmo Jaskari

    Also, those two domains you have; one is probably the computer itself. You usually have a local "domain" with a separate Administrator account on each computer. Once that computer is joined to a network domain, the domain administrator can then administer the computer as well.

    The accounts are usually named just that, Administrator, but you can, as Shayne points out, give full admin privileges to any account you like.
     
  4. MarkHastings

     
  5. Andrew JC

    Mark, if I was in your situation I would change all passwords for all users just to make sure. If we are talking about a Windows NT 4.0 server, that would most definitely be the thing to do. If your former admin made an ERD and left with it, your passwords can easily be cracked within minutes. Also, a complete virus scan should be done. This should be able to detect if any Trojans, worms, or other malicious code is on the system, as long as your virus definitions are up to date. Good luck... andy
     
  6. MarkHastings

    I've rechanged my admin password and any new IT admins have been added after the former admin left, so I think we're ok, but I'll relay the info to the new IT admin.

    What do you mean by ERD? Emergency Repair Disc?


    p.s. Yes, it is Windows NT 4.0 Networking
     
  7. Andrew JC

    Mark, yes, you are right about the ERD. At the command prompt, if you type rdisk /s, the s is for security. With this disk the passwords can be broken. Trust me, I know.
    Take care... andy
     
  8. Roy C.

    Does he have unlimited access to the whole company, servers, workstations, etc.? This to me would be the biggest concern. Not just with a password, but can he wipe out data?

    The ERD only works if you try to restore any SAM stuff on the exact server it was created on. In other words, you cannot take one ERD and restore it onto another server. Also, since it sounds like yours is a small company, you might want to go and do a mass password change (pick all users and check box, must change password) because you can't know which ones he might remember or wrote down. Further, look at all the administrator groups and check for membership to make sure only the ones you want/need are included. By administrators, I mean Domain, Local, Server, Backup, etc. in advanced rights...

    Good luck.

    Roy C.
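
Added example, not part of any post in this thread: one way to carry out the group-membership review suggested above is to save the output of `net group "Domain Admins" /domain` (the built-in NT domain admin group) and `net localgroup Administrators`, then compare the members against the list of people who should have admin rights. The sample output, the account names, the CORP domain and the 25-character column layout are constructed assumptions.

```python
# Constructed sample output; every account name and the CORP domain are made up.
RULE = "-" * 79
DONE = "The command completed successfully."

def _row(*names):
    # Assumption: `net group` prints members in 25-character columns.
    return "".join(n.ljust(25) for n in names).rstrip()

NET_GROUP = "\n".join([          # net group "Domain Admins" /domain
    "Group name     Domain Admins",
    "Comment        Designated administrators of the domain",
    "", "Members", "", RULE,
    _row("Administrator", "jim", "stacey"),
    _row("svc backup"),
    DONE, ""])

NET_LOCALGROUP = "\n".join([     # net localgroup Administrators
    "Alias name     Administrators",
    "Comment        Members can fully administer the computer/domain",
    "", "Members", "", RULE,
    "Administrator", "CORP\\Domain Admins", "jim_test",
    DONE, ""])

def members(output, column_width=None):
    """Names listed between the dashed rule and the status line."""
    lines = output.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("-----")) + 1
    names = []
    for line in lines[start:]:
        if line.startswith("The command completed"):
            break
        if column_width:   # fixed columns, so names containing spaces survive
            cells = [line[i:i + column_width] for i in range(0, len(line), column_width)]
        else:              # one member per line
            cells = [line]
        names += [c.strip() for c in cells if c.strip()]
    return names

def unexpected(found, approved):
    """Members not on the approved list; NT account names are case-insensitive."""
    ok = {a.lower() for a in approved}
    return [n for n in found if n.lower() not in ok]

APPROVED = ["Administrator", "stacey", "CORP\\Domain Admins"]  # hypothetical allowlist

if __name__ == "__main__":
    print("Domain Admins:", unexpected(members(NET_GROUP, 25), APPROVED))
    print("Administrators:", unexpected(members(NET_LOCALGROUP), APPROVED))
```

Any name the script reports is an account to disable, remove from the group, or have its password changed; a nested entry such as the domain group inside a machine's local Administrators group means the domain list has to be clean for that machine to be clean.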
     
  9. MarkHastings

    This guy no longer works at the company (i.e. he physically can't get on the servers). The big issue was he was using his email account to use our server for his web site. When my boss found out that he was FTPing into our server he flipped out. We deleted his account (email) so he can't use it to get in anymore; we just want to be certain we've got our butts covered. We don't want him getting into the server through some other name and password.
     
