> list may be "fakeID"/backdoor user account? One way, I guess
> might be, get mandatory or system default user account list
> for NT/XP/given win OS and then separate them from the rest,
> then examine the remaining? better approach?
I don't know of any tool or automation process that will handle this for
you. I simply keep track of created user accounts - it's easy enough to
check for differences. You might also check existing user accounts to ensure
their privileges haven't changed, as it's often simpler to escalate
privileges than to create a new account anyway.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
