Solved

Windows Server 2008 Security

Posted on 2015-02-06
8
98 Views
Last Modified: 2015-03-03
Hi,

I saw one user account name in the C:\users folder on Windows Server 2008 R2.

The user does not have any privileges to log on to the server, as the user is not the administrator or a member of Domain Admins or Enterprise Admins. We are running AD 2003. I also checked that remote access is not granted to the user.

So how can the user log on to the server?

Thanks,

Raj.
0
Comment
Question by:Roger38
8 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40593875
Is there a service running under that user account?  Is Terminal Services enabled on this server and the user is allowed RDP access?  What is the date on the folder (create date and last modified date)?

Expand the registry key HKEY_USERS and look at the SIDs (these SIDs correspond to the users who have a profile on this computer).  See if one of the SIDs matches the user's SID.
0
 

Author Comment

by:Roger38
ID: 40593920
The user is not allowed RDP into the server and the date on the folder is 1-15-2015.

Seems like the user found a way around to log on to the server.

How can I verify and prevent this?
0
 
LVL 88

Expert Comment

by:rindi
ID: 40593951
It could be a local user account, and not a domain account. So maybe he logged on to the local server bypassing the domain.
0
 

Author Comment

by:Roger38
ID: 40593983
No, it's not a local user account. It's a domain account.
0
 
LVL 2

Expert Comment

by:Marc L
ID: 40594022
Have you verified your security policy on the server (Secpol.msc>Local Policies>User Rights Assignment) for the values 'Allow log on locally', 'log on as a batch job', 'log on as a service' and 'Allow log on through Remote Desktop Services', that the user is not listed or in a group that is listed?

Also, have you reviewed your security logs and found the actual logon event? That should give you more information.
0
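The checks suggested in the comments above (matching the account's SID to a profile, reviewing who holds the four logon rights, and looking for the logon event), as an added PowerShell example that is not part of the original thread. `CONTOSO\jdoe` is a placeholder account name, and the script assumes an elevated prompt on the server.

```powershell
# Added example, not from the thread. 'CONTOSO\jdoe' is a placeholder account.
# Run elevated: reading the Security log and running secedit need admin rights.
$Account = 'CONTOSO\jdoe'

# 1. Account -> SID: the value that shows up under HKEY_USERS.
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
         [System.Security.Principal.SecurityIdentifier]).Value

# 2. Profile record for that SID: folder, whether its hive is loaded, last use.
Get-WmiObject Win32_UserProfile -Filter "SID='$sid'" |
    Select-Object SID, LocalPath, Loaded,
        @{n='LastUse'; e={ if ($_.LastUseTime) { $_.ConvertToDateTime($_.LastUseTime) } }}

# 3. Who holds the four logon rights (privilege names as exported by secedit).
#    Members are usually groups, so compare them with the account's groups.
$inf = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$wanted = 'SeInteractiveLogonRight', 'SeRemoteInteractiveLogonRight',
          'SeBatchLogonRight', 'SeServiceLogonRight'
foreach ($line in Get-Content $inf) {
    $right, $members = $line -split '\s*=\s*', 2
    if ($wanted -notcontains $right) { continue }
    foreach ($m in $members -split ',') {
        $m = $m.Trim()
        if ($m.StartsWith('*')) {            # "*S-1-5-32-544" style entry
            $s = New-Object System.Security.Principal.SecurityIdentifier($m.Substring(1))
            try { $m = $s.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $m = $s.Value }          # SID that no longer resolves
        }
        '{0,-30} {1}' -f $right, $m
    }
}
Remove-Item $inf

# 4. How far back the Security log reaches, then logon events (4624) for the SID.
#    LogonType: 2=interactive, 3=network, 4=batch, 5=service, 10=RemoteInteractive
$oldest = Get-WinEvent -LogName Security -Oldest -MaxEvents 1
"Security log starts at $($oldest.TimeCreated)"
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $e = $_; $d = @{}
        ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        if ($d.TargetUserSid -eq $sid) {
            '{0}  type={1}  from={2}  process={3}' -f $e.TimeCreated, $d.LogonType, $d.IpAddress, $d.LogonProcessName
        }
    }
```

If step 4 prints a start date later than the profile folder's creation date, the original logon event has already rolled out of the log and only forwarded or archived copies can answer the question.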
 

Accepted Solution

by:
Roger38 earned 0 total points
ID: 40594381
Have you verified your security policy on the server (Secpol.msc>Local Policies>User Rights Assignment) for the values 'Allow log on locally', 'log on as a batch job', 'log on as a service' and 'Allow log on through Remote Desktop Services', that the user is not listed or in a group that is listed?

I looked into it. All clear. No indication of any rights for this user.

Also, have you reviewed your security logs and found the actual logon event? That should give you more information.

I tried that but those logs have been cleared because this is from Jan. 15, 2015 and there is a limit on the number of logs it retains.
0
 
LVL 88

Expert Comment

by:rindi
ID: 40621511
Your comment you are accepting doesn't look like a solution to me. Why are you accepting that?
0
 

Author Closing Comment

by:Roger38
ID: 40641383
Thanks.
0

Question has a verified solution.
