s/ing/out/

On Mon, Oct 6, 2008 at 10:24 PM, Sean OMeara <[EMAIL PROTECTED]> wrote:
> I'm pretty sure that, by default, any normal user can join a computer
> to a domain up to three times withing DA privs.
> -s
>
>
> On Mon, Oct 6, 2008 at 9:27 PM, Edward Ned Harvey <[EMAIL PROTECTED]> wrote:
>> Is there any way to join a Windows computer onto AD, without knowing the
>> password of a Domain Administrator?
>>
>> I ask because one of my users supposedly did it. None of the admins helped
>> to join a fresh-out-of-the-box machine onto the domain, and yet it's on the
>> domain. I asked the user about this, and the response was gruff and vague,
>> "I'm smart... I didn't have any help... I only used my own password..."
>> and exit the room.
>>
>> I double-checked, and the user is not part of the domain admins group. I
>> also double-checked, and my own "normal user" account is not able to join a
>> machine onto the domain.
>>
>> The way I see it, there are only two possibilities - (a) somehow a normal
>> user can join the domain without any admin help, or (b) somehow one of the
>> domain admin accounts was compromised.
>>
>> Do I ...
>> (a) Simply talk to the manager and request that the user be fired. (and do
>> all the necessary password resets, etc)
>> (b) (With manager present) Offer the user the opportunity to demonstrate
>> this accomplishment without a domain admin pass, and then request for the
>> user to be fired if it can't be repeated on another machine.
>> (c) (Without manager present) Ask the user to show me something cool that
>> I've never seen before, that I didn't think was possible.
>>
>>
>> _______________________________________________
>> bblisa mailing list
>> [email protected]
>> http://www.bblisa.org/mailman/listinfo/bblisa
>>
>
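One way to settle the question from the directory itself, as an added example that is not part of the original thread: the per-user join limit is stored in the ms-DS-MachineAccountQuota attribute on the domain object, and a computer account created under that limit records its creator in ms-DS-CreatorSID. The script assumes the ActiveDirectory PowerShell module (RSAT) and an account with read access to the domain.

```powershell
# Added example, not from the original thread.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# How many computer accounts an ordinary authenticated user may create.
$quota = (Get-ADObject -Identity $domain.DistinguishedName `
            -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
"ms-DS-MachineAccountQuota for $($domain.DNSRoot): $quota"

# Computer objects that carry a creator SID, i.e. accounts created by a
# user exercising the quota rather than by a delegated or admin account.
$joined = Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
            -Properties 'ms-DS-CreatorSID', whenCreated |
    ForEach-Object {
        # Normalise to a SecurityIdentifier whatever type the module returned.
        $sid = New-Object System.Security.Principal.SecurityIdentifier `
                   ([string]$_.'ms-DS-CreatorSID')
        try {
            $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $creator = $sid.Value   # creator deleted or SID not resolvable
        }
        [pscustomobject]@{
            Computer    = $_.Name
            Creator     = $creator
            WhenCreated = $_.whenCreated
        }
    }

# Most recent joins first: the new machine and who created its account.
$joined | Sort-Object WhenCreated -Descending | Format-Table -AutoSize

# Per-user totals, to compare against the quota printed above.
$joined | Group-Object Creator | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize
```

A quota of 0 means ordinary users cannot create computer accounts at all; in that case a join still succeeds for anyone delegated rights on the target OU or on a pre-staged computer object.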
