[Samba] how can a SYSTEM user access domain shares?
Tomasz Chmielewski
mangoo at mch.one.pl
Fri Jun 17 12:35:09 GMT 2005
Tony Earnshaw schrieb:
> fre, 17.06.2005 kl. 11.15 skrev Tomasz Chmielewski:
>
> [...]
>
>
>>>i think that you can use the netlogon script
>>
>>No, you didn't understand the problem (or I described it in a confusing
>>way).
>>
>>Netlogon scripts are executed with permissions of a user that just logons.
>>
>>So if "Joe" logons, this script will be executed as "Joe", and hence, no
>>software installation, as "Joe" is not privileged enough (he's not a
>>domain administrator for obvious reasons).
>
>
> runas (standard Windows XP/2k)-> encryptedrunas. Google for
> encryptedrunas - it's not freeware, though.
>
> It will enable logon scripts using the runas-type commands, with an
> encrypted system user password, so that other users can't use it.
But I don't like the idea of storing important passwords on the
workstations, even though they are encrypted.
The reason is that an average cracker can just decrypt this password
with Jack the Ripper or other similar tools, and thus, my whole domain
would be compromised.
--
Tomek
More information about the samba
mailing list