This is an older e-mail but what Carl says is soooo true. More than once I have started an e-mail to this list going step-by-step through the a problem I'm having and while detailing the problems and things I've tested, I will "close the loop" on something I missed and presto, problem solved before I ever hit "SEND".
David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -----Original Message----- From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2008 8:49 AM To: NT System Admin Issues Subject: RE: Alerts on Install or Elevation of Priviledges That's information that I didn't have before... Also unknown, what exactly is being installed, and whether said product requires administrator account access to be used or installed. If you want help, explain *everything* that you know about a problem - leave out no details. You may find that by fully documenting a problem, you end up solving it yourself. Carl -----Original Message----- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2008 11:40 AM To: NT System Admin Issues Subject: RE: Alerts on Install or Elevation of Priviledges Yep...I know, but the password wasn't reset. - Andy O. >-----Original Message----- >From: Carl Houseman [mailto:[EMAIL PROTECTED] >Sent: Tuesday, October 28, 2008 10:37 AM >To: NT System Admin Issues >Subject: RE: Alerts on Install or Elevation of Priviledges > >With physical access to a machine, any local account password can be reset. >Even disabling the local administrator account isn't sufficient. > >http://home.eunet.no/pnordahl/ntpasswd/ -----Original Message----- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2008 10:55 AM To: NT System Admin Issues Subject: Alerts on Install or Elevation of Priviledges I have a user that is somehow installing stuff but his account is only a standard restricted user. This is a standalone laptop, not on the domain at all. Anyone know of a way I could send myself an alert via email if he installs something or logs on as a different account than he should? Only thing I can think of is that he somehow got a hold of the local admin password but I can't see how - yes we disable the LM hash. - Andy O. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
