[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows Server 2008 Security

Posted on 2015-02-06
8
Medium Priority
?
108 Views
Last Modified: 2015-03-03
Hi,

I saw one user account name  in C:\users folder in Windows Server 2008 R2.

The user does not have any privileges to log on to the server as the user is not the administrator or member of domain admins or enterprise admins. We are running AD 2003. I also checked the remote access is not granted to the user.

So How can the user logon to the server?

Thanks,

Raj.
0
Comment
Question by:Roger38
8 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40593875
Is there a service running under that user account?  Is Terminal Services enabled on this server and the user is allowed RDP access?  What is the date on the folder (create date and last modified date)?

Expand Registry key HKEY_USERS and look at the SIDs (these SIDs correspond to the users who have a profile on this computer).  See if one othe SIDs matches the user's SID.
0
 

Author Comment

by:Roger38
ID: 40593920
The user is not allowed RDP into the server and the date on the folder is 1-15-2015.

Seems like the user found a way around to logon to the server.

How can I verify and prevent this?
0
 
LVL 88

Expert Comment

by:rindi
ID: 40593951
It could be a local user account, and not a domain account. So maybe he logged on to the local server bypassing the domain.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:Roger38
ID: 40593983
No, Its not a local user account. Its a domain account.
0
 
LVL 2

Expert Comment

by:Marc L
ID: 40594022
Have you verified your security policy on the server (Secpol.msc>Local Policies>User Rights Assignment) for the values 'Allow log on locally', 'log on as a batch job', 'log on as a service' and 'Allow log on through Remote Desktop Services', that the user is not listed or in a group that is listed?

Also, have you reviewed your security logs, and found the actually logon event, that should give you more information.
0
 

Accepted Solution

by:
Roger38 earned 0 total points
ID: 40594381
Have you verified your security policy on the server (Secpol.msc>Local Policies>User Rights Assignment) for the values 'Allow log on locally', 'log on as a batch job', 'log on as a service' and 'Allow log on through Remote Desktop Services', that the user is not listed or in a group that is listed?

I looked into it. All Clear. No indication of ant rights to this user.

Also, have you reviewed your security logs, and found the actually logon event, that should give you more information.

I tried that but those logs have been cleared because this is from Jan. 15, 2015 and there is a limit on the number of logs it retains.
0
 
LVL 88

Expert Comment

by:rindi
ID: 40621511
Your comment you are accepting doesn't look like a solution to me. Why are you accepting that?
0
 

Author Closing Comment

by:Roger38
ID: 40641383
Thanks.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question