Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Novell Admin user gets Administrator rights in W2k Pro

Posted on 2001-06-27
12
Medium Priority
?
319 Views
Last Modified: 2008-03-06
Hi guys,

Is it possible to prevent a novell user with Admin rights from getting admin rights to a Windows 2000 Pro workstation. He can do with Power user rights on this machine.
0
Comment
Question by:Ben Keyser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
  • 2
  • +1
12 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6231666
Sure.  Just make sure that he is not a member of the Administrators group.  By default you do not have to be a local workstation admin to run the netware admin apps.  Unless you are using NDS for NT or Zen Works, the user would not be added to the administrator group anyway.
0
 
LVL 1

Author Comment

by:Ben Keyser
ID: 6232652
1) Not using NDS for NT.
2) He gets added to the Administrators group the moment he logs on. Tried and tested.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6232708
Do you have a  2000 or NT 4.0 domain that you are also logging onto?
0
Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

 
LVL 3

Accepted Solution

by:
sverre earned 400 total points
ID: 6234582
"Not using NDS for NT"
How about ZEN-works?
Maybe a policy is creating a dynamic local user?
When the user not is logged into the machine, is there any useracount for that specific user in Usermanager?
If not, you are deffinitly using dynamic local user or having a domaincontroler.
If you have a domaincontroler, check the useracount in Usermanager for Domains (on the domaincontroler)
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 6235527
Ben,

Your network is using ZENworks for Desktops 1.x/2.0/3.0 - the network admin has configured the Windows NT packages for something called Dynamic Local Users and given it Windows NT Administrator privleages.

This allows him to log into ANY Windows NT or 2000 computer attached to the network.  Even if you go and delete the user account on the computer.

Being that he is the network admin (and you are not) - it seems that this is his right.  If he is not supposed to be doing this then take it up with his supervisor.

However, if this is his job then as a user you have no rights to stop him.

Consider yourself fortunate that YOU have Administrator rights to your desktop - if it were up to me I'd adjust the properties of the Windows NT package and you would be logging in with just enough rights to launch Word (which is what we do - users can use applications but do not have rights to modify the desktop OS in any way - including installing software or making configuration changes).
0
 
LVL 1

Author Comment

by:Ben Keyser
ID: 6236900
DSPoole,

I will disregard your comment. As far as I am concerned, the discussion is not about the superiority of the Net Admin. I have admin rights (rightfully) to the Network AND workstation. The problem is that some of the techies with Admin rights log into my workstation and load software to experiment with, on my machine, causing all kinds of problems on my PC. Supporting clients with a PC that crashes constantly is painful.

If you have anything constructive to say, such as Sverre and Geoffryn and others, please do so. Else stay out. You have a very arrogant way of conveying your message. By the way, as I assume you are also an IT professional, I will ask you as pro to pro - please do not disgrace the other IT pro's with this attitude.

Ben Keyser.

By the way - we are not using ZEN - FYI
0
 
LVL 3

Expert Comment

by:sverre
ID: 6236944
Just a thoght! ( i havent tested it my self!)
If you create a local useracount with no administrator rights on that particular user, does the local rights come from the domain or the local sam?
0
 
LVL 1

Author Comment

by:Ben Keyser
ID: 6237006
Well, I dived into NWAdmin just now and made an interesting discovery. One of the guys (obviously after realising that I created him a user acount WITHOUT admin rights to the workstation) created a polizy, using ZEN for a dynaminc user with ADMIN rights.

So, to MR Dspoole, it seemed that ZEN did play a role after all, allthough we do not use ZEN as a rule, ONLY to create backdoors, it seems.

Thanks for all who helped, but the expert points will go to Sverre this time.

Ben
0
 
LVL 1

Author Comment

by:Ben Keyser
ID: 6237009
See prevoius comment.
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 6239983
Ben,

1)  I have seen many comments and questions from users trying to bypass administrator security and protocols - my mistake for assuming you were one of them.

2)  At least I can tell when ZENworks is in use :P
0
 
LVL 1

Author Comment

by:Ben Keyser
ID: 6245090
DSPoole

Accepted
0
 
LVL 1

Author Comment

by:Ben Keyser
ID: 6245097
DSPoole,

May I add my personal philosophy:

Assumptions is the mother oa all f!@#-ups!!

 ;)
Ben
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Geo-targeting is the practice of distributing content based on a person’s location, as best as you can determine it. Let’s look at some ways you could successfully use this tactic. The following tips and case studies could lead to meaningful results.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question