[Samba] how can a SYSTEM user access domain shares?

Tomasz Chmielewski mangoo at mch.one.pl
Fri Jun 17 12:35:09 GMT 2005

Tony Earnshaw schrieb:
> fre, 17.06.2005 kl. 11.15 skrev Tomasz Chmielewski:
> [...]
>>>i think that you can use the netlogon script
>>No, you didn't understand the problem (or I described it in a confusing 
>>Netlogon scripts are executed with permissions of a user that just logons.
>>So if "Joe" logons, this script will be executed as "Joe", and hence, no 
>>software installation, as "Joe" is not privileged enough (he's not a 
>>domain administrator for obvious reasons).
> runas (standard Windows XP/2k)-> encryptedrunas. Google for
> encryptedrunas - it's not freeware, though.
> It will enable logon scripts using the runas-type commands, with an
> encrypted system user password, so that other users can't use it.

But I don't like the idea of storing important passwords on the 
workstations, even though they are encrypted.
The reason is that an average cracker can just decrypt this password 
with Jack the Ripper or other similar tools, and thus, my whole domain 
would be compromised.


More information about the samba mailing list