
Tuesday, March 27, 2012

can we delete NT AUTHORITY\SYSTEM in sql server 2005?

Hi Folks,
In our sql server 2005 cluster server, we have a login user called
NT AUTHORITY\SYSTEM with sysadmin server role.
What is the purpose of that account?
Can we delete that login?
If we delete that will there be any problems?
We are using separate domain accounts for all sql services.
Please help.
Thank you
--Kumar

Kumar,
Visit the following link:
http://support.microsoft.com/kb/263712
NT AUTHORITY\SYSTEM restricts NT ADMIN and helps to execute FullText, as
FullText needs builtin\administrators or NT AUTHORITY\SYSTEM.
Hope this will help.
"Kumar" wrote:
> Hi Folks,
> In our sql server 2005 cluster server, we have a login user called
> NT AUTHORITY\SYSTEM with sysadmin server role.
> What is the purpose of that account?
> Can we delete that login?
> If we delete that will there be any problems?
> We are using separate domain accounts for all sql services.
> Please help.
> Thank you
> --Kumar
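
An added example, not part of the original posts: a read-only T-SQL check for SQL Server 2005 that can be run before deciding what to do with the login. It lists who holds sysadmin, which sessions are currently connected as the built-in accounts, and which databases have full-text enabled (the dependency the reply above mentions), using only catalog views and DMVs that exist in SQL Server 2005.

```sql
-- Added example (not from the thread). Read-only; nothing here changes a login.
-- Querying the DMVs in step 2 requires VIEW SERVER STATE permission.

-- 1. Every member of the sysadmin fixed server role.
--    BUILTIN\Administrators shows up here as a WINDOWS_GROUP if it is still
--    present, which matters because the reply says full-text needs one of
--    BUILTIN\Administrators or NT AUTHORITY\SYSTEM.
SELECT p.name      AS login_name,
       p.type_desc AS login_type,
       p.is_disabled,
       p.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;

-- 2. Sessions currently authenticated as the built-in service identities.
--    program_name and host_name indicate which component is connecting;
--    client_net_address separates local connections from network ones.
SELECT s.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       s.login_time,
       c.net_transport,
       c.client_net_address
FROM sys.dm_exec_sessions AS s
LEFT JOIN sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE s.login_name IN (N'NT AUTHORITY\SYSTEM', N'NT AUTHORITY\NETWORK SERVICE')
ORDER BY s.login_time;

-- 3. Databases with full-text indexing enabled, i.e. the ones that would be
--    affected if the full-text dependency described in the reply applies.
SELECT name AS database_name
FROM sys.databases
WHERE is_fulltext_enabled = 1
ORDER BY name;
```

Step 2 only shows sessions that are open at the moment it runs, so it should be repeated over a period, or paired with login auditing, before concluding that nothing uses the login.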

Friday, February 24, 2012

can someone login as "NT AUTHORITY\SYSTEM "

Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT
AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to
one of our servers. I log both the failed and successful logins and both of
the above logins were used recently. Do they have passwords that can be set?
What would be the implications if I removed both of them from
"security/logins"? I'm running both the server service and agent service with
a different login so it wouldn't affect the jobs.
Thanks,
Dan D.

Hi Dan
These are the names of the accounts when you specify local system or network
service as the accounts which a service runs under; see
http://msdn2.microsoft.com/en-us/library/ms191543.aspx
John
"Dan D." wrote:

> Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT
> AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to
> one of our servers. I log both the failed and successful logins and both of
> the above logins were used recently. Do they have passwords that can be set?
> What would be the implications if I removed both of them from
> "security/logins"? I'm running both the server service and agent service with
> a different login so it wouldn't affect the jobs.
> Thanks,
> --
> Dan D.

I came across an article today about how someone could log in as NT AUTHORITY
through the cmd window using the task scheduler and I got a little concerned.
Thanks for the article.
Dan D.
"John Bell" wrote:
> Hi Dan
> These are the names of the accounts when you specify local system or network
> service as the accounts which a service runs under; see
> http://msdn2.microsoft.com/en-us/library/ms191543.aspx
> John
> "Dan D." wrote:

Hi Dan
Could you post a link to the article?
John
"Dan D." wrote:
> I came across an article today about how someone could log in as NT AUTHORITY
> through the cmd window using the task scheduler and I got a little concerned.
> Thanks for the article.
> --
> Dan D.
>
> "John Bell" wrote:

Sometimes the page doesn't render correctly. You may have to scroll down to
see the beginning of the article.
http://www.ozzu.com/ftopic1337.html
Dan D.
"John Bell" wrote:
> Hi Dan
> Could you post a link to the article?
> John
> "Dan D." wrote:

Hi Dan
The article is talking about a vulnerability highlighted in
http://support.microsoft.com/?kbid=823980 that can be exploited by a specific
worm, rather than something actually logging in as the account. You should
make sure that your system is patched to a level which does not have this
issue. Tools like Microsoft Baseline Security Advisor will help you configure
your systems; check out http://msdn2.microsoft.com/en-us/library/aa302360.aspx
John
"Dan D." wrote:
> Sometimes the page doesn't render correctly. You may have to scroll down to
> see the beginning of the article.
> http://www.ozzu.com/ftopic1337.html
> --
> Dan D.
>
> "John Bell" wrote:

Thanks. I do run the Baseline Security Analyzer.
Dan D.
"John Bell" wrote:
> Hi Dan
> The article is talking about a vulnerability highlighted in
> http://support.microsoft.com/?kbid=823980 that can be exploited by a specific
> worm, rather than something actually logging in as the account. You should
> make sure that your system is patched to a level which does not have this
> issue. Tools like Microsoft Baseline Security Advisor will help you configure
> your systems; check out http://msdn2.microsoft.com/en-us/library/aa302360.aspx
> John
> "Dan D." wrote:

Hi Dan
Hopefully you have patched this; make sure that you keep your MBSA up to date.
John
"Dan D." wrote:
> Thanks. I do run the Baseline Security Analyzer.
> --
> Dan D.
>
> "John Bell" wrote:
