Solved

Windows Server 2008 Security

Posted on 2015-02-06
Last Modified: 2015-03-03
Hi,

I saw one user account name in the C:\users folder in Windows Server 2008 R2.

The user does not have any privileges to log on to the server, as the user is not the administrator or a member of domain admins or enterprise admins. We are running AD 2003. I also checked that remote access is not granted to the user.

So how can the user log on to the server?

Thanks,

Raj.
0
Question by:Roger38
8 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40593875
Is there a service running under that user account?  Is Terminal Services enabled on this server and the user is allowed RDP access?  What is the date on the folder (create date and last modified date)?

Expand Registry key HKEY_USERS and look at the SIDs (these SIDs correspond to the users who have a profile on this computer).  See if one of the SIDs matches the user's SID.
0
 

Author Comment

by:Roger38
ID: 40593920
The user is not allowed RDP into the server and the date on the folder is 1-15-2015.

Seems like the user found a way around to log on to the server.

How can I verify and prevent this?
0
 
LVL 88

Expert Comment

by:rindi
ID: 40593951
It could be a local user account, and not a domain account. So maybe he logged on to the local server bypassing the domain.
0
 

Author Comment

by:Roger38
ID: 40593983
No, it's not a local user account. It's a domain account.
0
 
LVL 2

Expert Comment

by:Marc L
ID: 40594022
Have you verified your security policy on the server (Secpol.msc>Local Policies>User Rights Assignment) for the values 'Allow log on locally', 'log on as a batch job', 'log on as a service' and 'Allow log on through Remote Desktop Services', that the user is not listed or in a group that is listed?

Also, have you reviewed your security logs and found the actual logon event? That should give you more information.
0
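
The two checks suggested in the comments above (matching profile SIDs to accounts, and finding the logon event), as an added PowerShell example that is not from any poster in this thread. `EXAMPLE\jdoe` is a placeholder account name; the script reads the ProfileList registry key rather than HKEY_USERS because ProfileList also lists profiles whose hive is not currently loaded, and it assumes the 4624 events are still present in the Security log.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the server.
$TargetUser = 'EXAMPLE\jdoe'   # constructed placeholder: DOMAIN\user of the account in question

# 1. List every profile registered on this machine with its owner and folder creation time.
#    ProfileList holds one subkey per SID, whether or not that user's hive is currently loaded.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
Get-ChildItem $profileList | ForEach-Object {
    $sid  = $_.PSChildName
    $path = (Get-ItemProperty $_.PSPath).ProfileImagePath
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'   # deleted account or unreachable domain controller
    }
    $created = $null
    if ($path -and (Test-Path $path)) { $created = (Get-Item $path -Force).CreationTime }
    New-Object PSObject -Property @{ Account = $account; SID = $sid; Path = $path; Created = $created }
} | Format-Table Account, SID, Path, Created -AutoSize

# 2. Show successful logons (event 4624) for that account and how each one was made.
$typeNames = @{ 2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
                8 = 'NetworkCleartext'; 9 = 'NewCredentials'; 10 = 'RemoteInteractive'
                11 = 'CachedInteractive' }
$domain, $user = $TargetUser.Split('\')
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the event's named <Data> fields into a hashtable.
        ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        if ($data.TargetUserName -eq $user -and $data.TargetDomainName -eq $domain) {
            New-Object PSObject -Property @{
                Time      = $evt.TimeCreated
                LogonType = $typeNames[[int]$data.LogonType]
                Process   = $data.ProcessName
                SourceIP  = $data.IpAddress
            }
        }
    } | Sort-Object Time | Format-Table Time, LogonType, Process, SourceIP -AutoSize
```

A profile folder is also created when a service or scheduled task loads the account's profile, so a Batch or Service logon type points to that rather than to someone at the console or on RDP.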
 

Accepted Solution

by:
Roger38 earned 0 total points
ID: 40594381
Have you verified your security policy on the server (Secpol.msc>Local Policies>User Rights Assignment) for the values 'Allow log on locally', 'log on as a batch job', 'log on as a service' and 'Allow log on through Remote Desktop Services', that the user is not listed or in a group that is listed?

I looked into it. All clear. No indication of any rights to this user.

Also, have you reviewed your security logs and found the actual logon event? That should give you more information.

I tried that but those logs have been cleared because this is from Jan. 15, 2015 and there is a limit on the number of logs it retains.
0
 
LVL 88

Expert Comment

by:rindi
ID: 40621511
Your comment you are accepting doesn't look like a solution to me. Why are you accepting that?
0
 

Author Closing Comment

by:Roger38
ID: 40641383
Thanks.
0

Question has a verified solution.