Solved

"Everyone" can add or remove themselves from Domain Administrator account whenever they want to

Posted on 2004-11-23
Last Modified: 2010-04-14
I am running a mixed mode network and I currently have 2 W2k AD DCs and 1 WINNT PDC. I am only running 4 limited Group Policies and none of these affect security. I notice that the Everyone group has the ability to Add/Remove themselves from the Domain Administrator account. I have explicitly denied this and within a short time (maybe through replication or policy refresh) it returns as Approved. This is a major security fault; please help. I am not sure if there is a default setting I am unaware of. On another side note, I experienced the "The Local Policy of the system does not permit you to logon interactively" error. I used ntrights.exe and was able to get back in, but have since had this happen again. Looking through my GPO, I do not see anything that would make this happen. I listed this because I am hoping they are somehow related. Any help would be appreciated.
Question by:fabres
2 Comments
 
LVL 18

Accepted Solution

by: luv2smile (earned 2000 total points)
ID: 12657031
"The Local Policy of the system does not permit you to logon interactively"

For this error you have to give the user rights in the local security policy on the client.

gpedit.msc

computer config- windows settings- security- local policies- user rights assignment- log on locally
LVL 18

Expert Comment

by:luv2smile
ID: 12657055
I assume you mean that users are able to add themselves to the domain admin group?

Go into Active Directory Users and Computers - Users - then click on the domain admin group.

The Members tab will list the members and the Security tab will list who has rights to this group. You need to remove the Everyone group from this Security tab.
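The Security tab check described in the comment above can also be run over an exported security descriptor. This is an added example, not code from the thread or its posters: it assumes the group's descriptor is available as an SDDL string, and the function names and the sample descriptor are constructed for illustration.

```python
import re

# GUID shared by the "member" attribute and the Self-Membership validated
# write, which the ACL editor shows as "Add/Remove self as member".
MEMBER_GUID = "bf9679c0-0de6-11d0-a285-00aa003049e2"
EVERYONE = {"WD", "S-1-1-0"}  # SDDL alias and SID string for Everyone
# Rights that let a trustee edit membership directly (SW, WP) or take over
# the object (GA, GW, WD = write DACL, WO = write owner), with mask bits.
MEMBER_BITS = {"SW": 0x8, "WP": 0x20}
BROAD_BITS = {"GA": 0x10000000, "GW": 0x40000000, "WD": 0x40000, "WO": 0x80000}

def rights_of(field):
    """Rights of interest in an ACE rights field (letter codes or hex mask)."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
        return {r for r, bit in {**MEMBER_BITS, **BROAD_BITS}.items() if mask & bit}
    return set(re.findall("..", field)) & (set(MEMBER_BITS) | set(BROAD_BITS))

def everyone_membership_aces(sddl):
    """Return allow ACEs that let Everyone change the group's membership."""
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", sddl):
        fields = ace.split(";")
        if len(fields) != 6:
            continue
        ace_type, flags, rights, obj_guid, _inherit_guid, trustee = fields
        # Deny (D/OD) and audit ACEs are skipped; only grants are reported.
        if ace_type not in ("A", "OA") or trustee not in EVERYONE:
            continue
        granted = rights_of(rights)
        # SW/WP count only when unscoped or scoped to the member attribute.
        if obj_guid.lower() not in ("", MEMBER_GUID):
            granted -= set(MEMBER_BITS)
        if granted:
            findings.append({"ace": f"({ace})", "rights": sorted(granted),
                             "inherited": "ID" in re.findall("..", flags)})
    return findings

# Constructed sample descriptor for a group object (not taken from the thread).
SAMPLE_SDDL = (
    "O:DAG:DAD:PAI"
    "(OD;;SW;bf9679c0-0de6-11d0-a285-00aa003049e2;;WD)"   # explicit deny
    "(OA;;SW;bf9679c0-0de6-11d0-a285-00aa003049e2;;WD)"   # add/remove self
    "(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)"   # unrelated right
    "(A;;RPLCLORC;;;AU)"                                  # read-only
    "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"                # Domain Admins
)

if __name__ == "__main__":
    for hit in everyone_membership_aces(SAMPLE_SDDL):
        print(hit)
```

Running the same check again after an ACL change shows whether the Everyone entry has come back, and the `inherited` field shows whether it was set on the group itself or on a parent container.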