Jump to content
Compatible Support Forums
Sign in to follow this  
dcxman

Hacked again...

Recommended Posts

Morning all.

 

To say the least my DC has been compromised again.

 

I've setup a Windows 2000 Adv. Server with AD and secured it with TCP port filtering along with a tightened policy setup where the user is not even allowed to "right mouse button click" on the domain. But whoever the bugger is, has been able to hack and give the ability to add a workstation to the domain with any user account on the AD. So long as the person is a user on the AD they can join any system to the domain. However, they still do not have access to the AD Users and Computers app to have delegation over my AD. It's most likely I was hacked from a node outside of my segment of network within my company as I do not have a firewall in place yet to protect my segment of network. So far it seems that joining systems to the domain is the extent of the damage. I've checked policy settings and built-in account groups to see if anything had been tampered with (eg. any users added to any of the Admin groups) and came up with nothing.

 

Can anyone tell me anywhere else I can look to see who has been given delegation or permission to add a workstation to the domain keeping in mind that I've already checked the default domain policy. And also a solution to prevent the joining of a system from unauthorized user accounts.

 

Thanks in advance either way.

Share this post


Link to post

To join a domain you just need 'Account Operator' rights and that should give 'Create Computer Objects' priviledges and new objects are created in the Computers containter by default.

 

I suggest you turn on Auditing on the Domain Controllers of 'Audit Account Management' in the GPO and then you can see who is hacking your system in the Event Viewer!

 

Share this post


Link to post

If the policy has not been changed, by default any Domain User can add up to 10 PCs to the domain.

 

This can be changed through a group policy.

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×