Solved

Problem with Joining Domain

Posted on 2008-10-16
7
226 Views
Last Modified: 2013-12-04
We have a network where a user without Administrative privleges is able to join computers that he reformats on the domian. We don't know how he is doing it and need to prevent him from doing this and also need to know how he is doing this before we contact the managment. Besideds Administrator's privilages what other methods are there? Also is there anything on windows Event Logs that we can be looking for? We also noticed that his newly rebuilded computer has port 2002 open on it.
0
Comment
Question by:mavrukin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
mirzas earned 500 total points
ID: 22732283
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22732305
In ADUC check his account properties and hit the member of tab, what security groups is he a member of?  You can start there...Account Operator privledges and Allow join computers to domain are other options that would allow that user to join computers to the domain...
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22732324
But that is limited to only ten, it sounds like he has passed that limit?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 6

Expert Comment

by:mirzas
ID: 22732356
Then just set it to zero.
0
 
LVL 6

Expert Comment

by:mirzas
ID: 22732365
The limit is 10 different hostnames not ten times the same hostname.
0
 
LVL 1

Author Comment

by:mavrukin
ID: 22748971
HI, thank you for the responses. No he has not passed this limit. We need to lock his account to the way it was before. In ADUC he is not a member of anything. However ms-ds-machineaccountquota has been altered. How do we change it back to Not Set? Right now he has a long binary code. Even if you switch it to decimal it still shows about 30 groups of 3 digit numbers.
0
 
LVL 1

Author Comment

by:mavrukin
ID: 22750062
Sorry, I meant ms-DS-CreatorSID has been altered.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
OfficeMate Freezes on login or does not load after login credentials are input.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question