Windows Admin pack - AD DS
Posted on 2009-04-08
If any users in our domain installs Windows Admin Pack on their XP machine they are able to manage\access all Active directory domain services (ADUC, AD sites and services, CA....etc). Users are not members of any elevated domain groups, in fact I created a test user who was only a member of domain users and it was able to access all AD DS. Checked the domain users group which has not got any elevated permissions.
Luckily I am the only one who knows about this at the moment so I am eager to secure AD DS before anyone else finds out.