[Samba] Samba 4.1.7 AD DC - Local Administrator == Domain Administrator ?!?

Peter Schaefer peter.schaefer at gmx.de
Sun Jan 5 10:10:17 MST 2014


Am 1/5/2014 6:22 AM, Dustin C. Hatch wrote:
> Is the password for the Administrator account on the workstation the same as the password for the domain
> Administrator? If so, Windows will seamlessly use that password to authenticate to network services, and you will be
> logged in as the domain Administrator instead.

Ugh. That's .... nice. And so ... courteous ... of Windows. The passwords were the same, indeed. Thanks for the explanation.

> Typically, in an AD environment, several precautions are taken to prevent this: a) don't use the same password for any
> local account as for any domain account; b) disable the local Administrator account c) rename and/or disable the
> domain Administrator account, and instead use another user account who is a member of Domain Admins

Lesson learned :-). That would be something for the howto, too, i suggest.

Regards,
  Peter



More information about the samba mailing list