I suspect a contractor brought in to cover while I was gone, but I'm parsing logs now to see if I can determine that.
Fortunately, I syslog everything I can, so should be able to track it down fairly quickly. On Mon, May 5, 2008 at 10:59 AM, Steve Ens <[EMAIL PROTECTED]> wrote: > Fire them all! or at least fifty lashes. > > > > On Mon, May 5, 2008 at 12:56 PM, Kurt Buff <[EMAIL PROTECTED]> wrote: > > Found it. > > > > Someone put the group in the Administrators group. > > > > I'm quite unhappy, and I'm investigating. > > > > > > > > > > On Mon, May 5, 2008 at 10:37 AM, Barsodi.John <[EMAIL PROTECTED]> > wrote: > > > Check the Account Operators group? > > > > > > > > > > > > -----Original Message----- > > > From: Kurt Buff [mailto:[EMAIL PROTECTED] > > > Sent: Monday, May 05, 2008 10:30 AM > > > To: NT System Admin Issues > > > Subject: Domain Admin monkey business > > > > > > I've been on vacation for a couple of weeks, and came back to a bit of > > > a situation. The helpdesk staff now seem to be able to control > > > accounts in the domain - they can set/reset passwords, disable/enable > > > accounts, update group memberships, etc. > > > > > > I've looked, and domain admins looks as expected. > > > > > > Am I correct in believing that the only other way this can happen is > > > through OU delegation? If so, how do I check to see what's changed WRT > > > delegation - how do I audit that? > > > > > > Kurt > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > > > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > > > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > > > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
