Annoyances.org
Home » Windows 2000 Discussion Forum » Message 1044695392 Search | Help | Home
  
re: Does Your colleague have total power of Your pc from his own Windows 2000 pc?
Saturday, February 8, 2003 at 1:09 am
Windows 2000 Annoyances Discussion Forum
Posted by Jorgen Malmgren (3 messages posted)

Well I will try again: Does Your colleague have total power of Your pc from his own Windows 2000 pc? Yes, If You can install programs or can run defrag (drfg.msc) on Your own computer. And You don’t see anything, while Your colleague from his own computer, can read/delete/modify/create files and documents and anything else with all of Your hard disc in his own Explorer. Why is it so? If Your Company uses Windows 2000 on a NT-network, and Your IT-System administrator have given You permission to install programs on Your own hard disc, then anybody of Your colleagues can do what they like with Your hard disc, and it happens from their own computer, and You don’t see anything, while it happens. And You can do anything You like with Your colleagues hard disc’s. Do You believe it? Is it a security hole in Windows? Coming any hotfix from Microsoft? Can Your IT- System administrator fix this with policy? Can Your IT- System administrator fix this by allowing DomainUsers 2 hours in GlobalGroups while they install programs? The answer to these questions is NO! This is how to do if You’re not an IT-System administrator: 1. Choose Start / Run 2. Input \\ComputerName\C$ and press ENTER 3. As ComputerName You must choose on of Your colleagues ComputerName 4. Exit Explorer (without doing anything), and contact Your IT-System administrator. If You don’t know Your colleagues ComputerNames, then do this: Choose Start / Run Input CMD and press ENTER Input NET VIEW and press ENTER Input EXIT and press ENTER Please don’t destroy anything on Your colleagues hard disc, it could happen to Yourself. Please contact Your IT-System administrator, and ask him to solve this problem. This is how to do, if You are the IT-System-administrator (2 choices): 1. Remove every other than Local Administrator and Domain Admins from Local Admin Group, and make different passwords on Local Administrator on each computer on Your network. Make sure to lock Your list of these passwords in Your safety box, making it possible to logon the computer, if the network fails on the computer. Then add the Domain User, who daily uses each computer, to Local Admin Group, and make sure, that he is not in any other Local Admin Group on a computer in Your Company’s network. Make sure, if a colleague suddenly has to use the computer, that You removes the first Domain User, and adds the new Domain User (who has to logon 2 times before it works), and remove the new Domain User from the Local Admin Group on the other computer, he uses each day. You must pay attention on all computers on Your network. Remember to check all Local Admin Group's a couple of times each year. With this annoying work from You, Your users can install programs and defrag their hard disc, without being able to gain access to each others hard disc’s. 2. Remove every other than Local Administrator and Domain Admins from Local Admin Group, and make different passwords on Local Administrator on each computer on Your network. Make sure to lock Your list of these passwords in Your safety box, making it possible to logon the computer, if the network fails on the computer. Make sure to remove all Domain Groups on all Local Admin Groups (but not the Domain Admins Group), if You had some, to grant to Domain Users for som hours, while they install programs. With this annoying work from You, Your users cannot install programs and cannot defrag their hard disc, and the cannot gain access to each others hard disc’s. You must install all programs on each computer on Your network, as Your users time to another must have installed. And You must defrag all the computers on Your network, when it’s necessary. All this is a problem because Microsoft created the Windows 2000 operating system this way. Read more about it on http://support.microsoft.com/?kbid=182734 If You choose to follow Microsoft’s recommendations, it the same as choosing my second explanation above. More info on www.TryWare.Dk Many Regards Jorgen Malmgren IT-supervisor Denmark


On Friday, February 7, 2003 at 9:29 pm, Carl D wrote:
>He lost me there too... I didn't get the part after Yes
>-

Carl.


Written in response to:
re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Carl D: Friday, February 7, 2003 at 9:29 pm)

Responses to this message:
*re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (hello: Saturday, February 8, 2003 at 8:44 am)

All messages in this thread [show all]
-Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Jorgen Malmgren: Fri, Feb 7, 2003, 2:48 pm)
-re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (triplate: Fri, Feb 7, 2003, 7:20 pm)
-re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Carl D: Fri, Feb 7, 2003, 9:29 pm)
-re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Jorgen Malmgren: Sat, Feb 8, 2003, 1:09 am)
-re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (hello: Sat, Feb 8, 2003, 8:44 am)
*re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (triplate: Sat, Feb 8, 2003, 5:42 pm)
*re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Jorgen Malmgren: Sun, Feb 9, 2003, 2:31 am)
Return to the Windows 2000 Discussion Forum

All content at Annoyances.org is Copyright © 1995-2008 Creative Elementtm All rights reserved.
Please do not plagiarize; redistributing these pages without permission is strictly prohibited.