On Sun, 2003-07-13 at 14:04, Etaoin Shrdlu wrote: > No. This is what happens when users assume the task of auditing, rather > than leaving it to the professionals. A "professional" eh? > Here is Retina trying the word administrator backwards. Since the account > has NO PASSWORD, it succeeds, and incorrectly logs the password as valid. Admittedly I don't know much about this retina product nor am I a windows user but a blank password does NOT equal *any* password, not even windows is that retarded. > Here's the log entry that is meaningful. You have an ADMINISTRATOR account > with no password. What were you thinking? Put a good password on the > administrator account, and be done with it. I'd suggest that a little > reading from the Microsoft site, or from any book not containing the title > words "21 days" or "dummies" would be of great benefit to you. I'd also > suggest that a part time administrator to assist you with your machines > would be helpful. I'd suggest a little reading of the original poster's email. He clearly says he *has* a password on the Administrator account and it still works, in addition to these other passwords he's been trying. > > However the system shows no evidence of these accounts in the user > > manager... but the accounts are there. > > No, no, no. The Administrator account is supposed to be there. Are you reading his email at all? He just said it's not in User Manager. Yes, it's *supposed* to be, but it's *not*. > If some > moron renamed it, the above stuff with Retina will still work. A moron? Why would you even say that? Oh right, you're the pro and he's the luser....And would you please enlighten everyone what exactly is wrong with renaming the Administrator account? Again, I don't use or even like Windows but I've had to admin Win2k boxes in my day and can tell you that renaming the Administrator account is actually a good idea. It's the only account Windows won't let you set a timeout on so it's usually a safe bet for brute-forcing the password over the network. However, if "some moron" renames it, you're going to be brute-forcing a non-existent account, or better yet a non-priv'd dummy one. > Look at the > users, under the manage menu. If there is no Administrator account, then > check by the properties menu to see what group(s) the accounts are members > of. The administrator account is traditionally a member of only the > Administrators group (kind of reminds you of setprv on VMS, hmmmmmm) I'm sorry but this is just sad... Back on topic, I have to say the parent poster is a bit short on the details and he's probably just a little confused so it might be a simple misunderstanding on his part. However, if everything he posted is correct and these boxes allow Administrator to log on with any password it sounds like he has a real problem on his hands. I just hope the "professional" he hires to fix it actually knows what they're talking about... -Herman ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 09:47:46 PDT