Solved

Windows Server 2008 Security

Posted on 2015-02-06
Last Modified: 2015-03-03
Hi,

I saw one user account name in the C:\users folder in Windows Server 2008 R2.

The user does not have any privileges to log on to the server, as the user is not the administrator or a member of Domain Admins or Enterprise Admins. We are running AD 2003. I also checked that remote access is not granted to the user.

So how can the user log on to the server?

Thanks,

Raj.
0
Question by:Roger38
8 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40593875
Is there a service running under that user account?  Is Terminal Services enabled on this server and the user is allowed RDP access?  What is the date on the folder (create date and last modified date)?

Expand the registry key HKEY_USERS and look at the SIDs (these SIDs correspond to the users who have a profile on this computer). See if one of the SIDs matches the user's SID.
0
 

Author Comment

by:Roger38
ID: 40593920
The user is not allowed RDP into the server and the date on the folder is 1-15-2015.

Seems like the user found a way around to log on to the server.

How can I verify and prevent this?
0
 
LVL 88

Expert Comment

by:rindi
ID: 40593951
It could be a local user account, and not a domain account. So maybe he logged on to the local server bypassing the domain.
0
 

Author Comment

by:Roger38
ID: 40593983
No, it's not a local user account. It's a domain account.
0
 
LVL 2

Expert Comment

by:Marc L
ID: 40594022
Have you verified your security policy on the server (Secpol.msc>Local Policies>User Rights Assignment) for the values 'Allow log on locally', 'log on as a batch job', 'log on as a service' and 'Allow log on through Remote Desktop Services', that the user is not listed or in a group that is listed?

Also, have you reviewed your security logs and found the actual logon event? That should give you more information.
0
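The checks suggested in the two expert comments above (profile SID, services running as the account, the four logon rights, and logon events) can be scripted. This is an added example, not part of the original thread: `EXAMPLE\someuser` is a placeholder account name, and the script assumes an elevated PowerShell 2.0 or later session on the server itself. It reads `Win32_UserProfile`, which lists every profile stored on disk whether or not its hive is currently loaded under HKEY_USERS.

```powershell
# Added example: audit how a domain account could have obtained a profile on this server.
$Account = 'EXAMPLE\someuser'   # placeholder: DOMAIN\user that owns the unexpected profile

# 1. Resolve the account to its SID and show its profile record on this machine.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
Get-WmiObject Win32_UserProfile | Where-Object { $_.SID -eq $sid } |
    Select-Object SID, LocalPath, Loaded, @{ Name = 'LastUse'
        Expression = { if ($_.LastUseTime) { $_.ConvertToDateTime($_.LastUseTime) } } }

# 2. Services configured to run under the account.
$user = $Account.Split('\')[-1]
Get-WmiObject Win32_Service | Where-Object { $_.StartName -like "*$user*" } |
    Select-Object Name, StartName, State

# 3. Export User Rights Assignment and print who holds the four logon rights:
#    log on locally, as a batch job, as a service, through Remote Desktop Services.
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
foreach ($line in Get-Content $cfg) {
    $name, $value = $line -split '\s*=\s*', 2
    if ($name -notmatch '^Se(Interactive|Batch|Service|RemoteInteractive)LogonRight$') { continue }
    foreach ($entry in $value -split ',') {
        $who = $entry.Trim()
        if ($who.StartsWith('*')) {            # secedit writes SIDs as *S-1-...
            try {
                $s   = New-Object System.Security.Principal.SecurityIdentifier($who.Substring(1))
                $who = $s.Translate([System.Security.Principal.NTAccount]).Value
            } catch { }                        # unresolvable SID: keep the raw value
        }
        '{0,-32} {1}' -f $name, $who           # check each group listed for the user's membership
    }
}
Remove-Item $cfg

# 4. Logon events (ID 4624) for this SID that are still in the Security log.
#    LogonType: 2 interactive, 3 network, 4 batch, 5 service, 10 remote interactive (RDP).
$xpath = "*[System[EventID=4624] and EventData[Data[@Name='TargetUserSid']='$sid']]"
Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_; $d = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        '{0:u} type={1} from={2} proc={3}' -f $evt.TimeCreated, $d.LogonType, $d.IpAddress, $d.ProcessName
    }
```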
 

Accepted Solution

by:
Roger38 earned 0 total points
ID: 40594381
Have you verified your security policy on the server (Secpol.msc>Local Policies>User Rights Assignment) for the values 'Allow log on locally', 'log on as a batch job', 'log on as a service' and 'Allow log on through Remote Desktop Services', that the user is not listed or in a group that is listed?

I looked into it. All clear. No indication of any rights to this user.

Also, have you reviewed your security logs and found the actual logon event? That should give you more information.

I tried that but those logs have been cleared because this is from Jan. 15, 2015 and there is a limit on the number of logs it retains.
0
 
LVL 88

Expert Comment

by:rindi
ID: 40621511
Your comment you are accepting doesn't look like a solution to me. Why are you accepting that?
0
 

Author Closing Comment

by:Roger38
ID: 40641383
Thanks.
0
