|
W2kTotalPowerWhere
-
Version
1.0.2
Can Your colleguageās with Explorer (from their own
W2k-workstation) read/modify/delete/create files on
Your hard disc. And nobody can see if it happens.
W2kTotalPowerWhere reports if You have this problem.
Important: This is not a hackers tool to gain more
access. It only reports, what Your IT-sysadm already
has given You, and Your colleguages.
Many IT-sysadms will answer, that this problem is
solved with W2k-ADS-policy, but it can't.
More and more programs upgrades themselves while users
are logged in, demanding that users must be member of
the Local Admin Group. Members of this group can
install programs. Installing W2k on a workstation, the
IT-sysadm normally decides that no Domain Users can be
member of the Local Admin Group.
But are workstations used by more than one user? Are
there users using other than their own workstation?
If the IT-sysadm have given this problem deep
reflection, maybe he/she have prepared some Global
Domain Groups with the same names ready on every
workstation, being member of the Local Admin Group. If
it's necessary, the IT-sysadm can then temporarily add
the Domain User to this Global Domain Group, and the
user can install programs until he/she removes the
Domain User again after maybe 2 days? But while the
user is member of this Global Domain Group, the Domain
User at once gains UNLIMITED admin power on every
workstation on the network. While the Domain User is a
member of the Local Admin Group, he/she can make a new
Local User on every workstation on the network, and
grant this Local User membership of the Local Admin
Group on every workstation. And the Domain User can do
it from his/hers own workstation without anyone seeing
anything about it.
Then it dosn't matter that the IT-sysadm removes the
Domain User from the Global Domain Group after 2 hours.
The unlimited REMOTE access involves:
1. Explorer: \\ComputerName\C$
2. Registry
3. Computer Management (Control Panel)
Read more about it on www.TryWare.Dk
|