Penetration Testing mailing list archives
Re: How to find the users with local admin rights?
From: Teh Fizzgig <fizzgig () foofus net>
Date: Sun, 08 Apr 2007 15:58:54 -0500
WALI wrote:
Hi, on the same lines as an earlier posted who sought to find Blank passwords, I was wondering if there is a way to find out, as to who all have Local Administration Rights in my domain?
We have a tool we use internally that's not 100% stable called OWNR. The module that performs this action uses the NetUserGetInfo API function to do it's dirty work by looking at the usri11_priv field (using the "USER_INFO_11" information structure - this makes more sense when you read the API docs). :) I haven't really spent any time searching out a ready-made tool to do it, but it would be pretty easy to write a script/simple program to do this. Look for accounts which have a user privilege level of 2. Those will be your admin accounts. Keep in mind you *may* need to have admin privileges to run this API with this level of detail (easy enough if you are a domain admin). FWIW, I am working on a new version of this tool for public consumption that will address this as well as a lot more Windows domain data gathering tasks. I'll post to the list as the release draws closer - I imagine I'm still at least a month out. If you want help writing a script/program though let me know, since I've already done it. :)
I mean, I want to Audit is if our Helpdesk personnel has scrupulously given Local Admin rights on workstations, or created user accounts with Local Admin rights for their friends/acquaintances etc.
Indeed - we strongly recommend to our customers that they audit this frequently. This is obviously easy at a domain level, but monitoring local admin accounts can be a pain.
I was wondering, if there is an alternative to restrict HelpDesk from knowing local Admin username and password and still do not effect their ability to troubleshoot a problem in case they need to have escalated rights on someone's PC?
Make them a member of a domain group that is in the Administrators group on local workstations? I strongly advise against giving HelpDesk folks domain admin credentials unless they are the same ones doing actual domain-level sys admin tasks. This is pushable via group policy. --fizzgig ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Query for blank passwords in Active Directory igor . mamuzic (Apr 04)
- Re: Query for blank passwords in Active Directory Teh Fizzgig (Apr 04)
- Re: Query for blank passwords in Active Directory Marco Ivaldi (Apr 06)
- Message not available
- Re: Query for blank passwords in Active Directory Thor (Hammer of God) (Apr 08)
- Re: Query for blank passwords in Active Directory Teh Fizzgig (Apr 04)
- Re: Query for blank passwords in Active Directory SD List (Apr 06)
- How to find the users with local admin rights? WALI (Apr 08)
- Re: How to find the users with local admin rights? Teh Fizzgig (Apr 10)
- How to find the users with local admin rights? WALI (Apr 08)