Annoyances.org
Home » Windows 2000 Discussion Forum » Message 1044786694 Search | Help | Home
  
re: Does Your colleague have total power of Your pc from his own Windows 2000 pc?
Sunday, February 9, 2003 at 2:31 am
Windows 2000 Annoyances Discussion Forum
Posted by Jorgen Malmgren (3 messages posted) 

Well - I hope it's better this time:

Yes, If You can install programs or can run defrag (drfg.msc) on Your own computer.


And You don’t see anything, while Your colleague from his own computer, can 
read/delete/modify/create files and documents and anything else with all of Your 
hard disc in his own Explorer.


Why is it so? 


If Your Company uses Windows 2000 on a NT-network, and Your IT-System administrator 
have given You permission to install programs on Your own hard disc, then anybody 
of Your colleagues can do what they like with Your hard disc, and it happens from 
their 
own computer, and You don’t see anything, while it happens.


And You can do anything You like with Your colleagues hard disc’s.


Do You believe it?

Is it a security hole in Windows?

Coming any hotfix from Microsoft?

Can Your IT- System administrator fix this with policy?

Can Your IT- System administrator fix this by allowing DomainUsers 2 hours in GlobalGroups 
while they install programs?



The answer to these questions is NO!



This is how to do if You’re not an IT-System administrator:

1. Choose Start / Run

2. Input \\ComputerName\C$ and press ENTER

3. As ComputerName You must choose on of Your colleagues ComputerName

4. Exit Explorer (without doing anything), and contact Your IT-System administrator.



If You don’t know Your colleagues ComputerNames, then do this:

Choose Start / Run

Input CMD and press ENTER

Input NET VIEW and press ENTER

Input EXIT and press ENTER



Please don’t destroy anything on Your colleagues hard disc, it could happen 
to Yourself. Please contact Your IT-System administrator, and ask him to solve this 
problem.


This is how to do, if You are the IT-System-Administrator (2 choices):



1. Remove every other than Local Administrator and Domain Admins from Local Admin 
Group, and make different passwords on Local Administrator on each computer on Your 
network. Make sure to lock Your list of these passwords in Your safety box, making 
it 
possible to logon the computer, if the network fails on the computer.

Then add the Domain User, who daily uses each computer, to Local Admin Group, and 
make sure, that he is not in any other Local Admin Group on a computer in Your Company’s 
network.

Make sure, if a colleague suddenly has to use the computer, that You removes the 
first Domain User, and adds the new Domain User (who has to logon 2 times before 
it works), and remove the new Domain User from the Local Admin Group on the other 
computer, he uses each day.


You must pay attention on all computers on Your network. Remember to check all Local 
Admin Group's a couple of times each year.


With this annoying work from You, Your users can install programs and defrag their 
hard disc, without being able to gain access to each others hard disc’s.



2. Remove every other than Local Administrator and Domain Admins from Local Admin 
Group, and make different passwords on Local Administrator on each computer on Your 
network. Make sure to lock Your list of these passwords in Your safety box, making 
it possible to logon the computer, if the network fails on the computer.

Make sure to remove all Domain Groups on all Local Admin Groups (but not the Domain 
Admins Group), if You had some, to grant to Domain Users for som hours, while they 
install programs. 


With this annoying work from You, Your users cannot install programs and cannot defrag 
their hard disc, and the cannot gain access to each others hard disc’s.


You must install all programs on each computer on Your network, as Your users time 
to another must have installed. And You must defrag all the computers on Your network, 
when it’s necessary.




All this is a problem because Microsoft created the Windows 2000 operating system 
this way. Read more about it on http://support.microsoft.com/?kbid=182734



If You choose to follow Microsoft’s recommendations, it the same as choosing 
my second explanation above. 




More info on www.TryWare.Dk



Many Regards



Jorgen Malmgren


IT-supervisor

Denmark











On Saturday, February 8, 2003 at 8:44 am, hello wrote:
>thats one long sentence.....my eyes hurt....and i still dont get what he's trying 
>to say...
>
>



Written in response to:
re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (hello: Saturday, February 8, 2003 at 8:44 am)

There are presently no replies to this message.

All messages in this thread [show all]
-Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Jorgen Malmgren: Fri, Feb 7, 2003, 2:48 pm)
-re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (triplate: Fri, Feb 7, 2003, 7:20 pm)
-re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Carl D: Fri, Feb 7, 2003, 9:29 pm)
-re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Jorgen Malmgren: Sat, Feb 8, 2003, 1:09 am)
-re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (hello: Sat, Feb 8, 2003, 8:44 am)
*re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (triplate: Sat, Feb 8, 2003, 5:42 pm)
*re: Does Your colleague have total power of Your pc from his own Windows 2000 pc? (Jorgen Malmgren: Sun, Feb 9, 2003, 2:31 am)
Return to the Windows 2000 Discussion Forum

All content at Annoyances.org is Copyright © 1995-2008 Creative Elementtm All rights reserved.
Please do not plagiarize; redistributing these pages without permission is strictly prohibited.