-------------------------------------------------------------------
SearchWin2000's Security Tip
--------------------------------------------------------------------
TODAY'S SECURITY TIP: Stop users creating accounts
====================================================================
"Stop users creating accounts"
By Adesh Rampat

Some users may be able to create new accounts or users on Windows 2000 Professional. Here's how to stop it.
--------------------------------------------------------------------
The administrator, or any user who has administrative rights, can create local user and group accounts in Windows 2000 Professional. But there is a way for a user who has not been assigned any administrative privileges to create local user accounts without being prompted for an administrator's password.

Local user and group accounts can be created in Windows 2000 Professional through Control Panel\Users and Passwords, or through the Local Users and Groups snap-in in the Management Console. Users who do not have administrative rights or do not know the administrator's password cannot add another local user or change a password through the Control Panel.

But it is possible that members of the Users group can open the local users and administrator's snap-in through the Computer Management Console and, once there, create new accounts or change the password for existing accounts without being prompted for an administrator password.

To prevent this from happening, remove the NT AUTHORITY\INTERACTIVE entry from the Power Users group. Here's how to do it.

- Log on as administrator.
- Go to Control Panel.
- Double-click Administrative Tools.
- Open the Local Users and Groups snap-in of the Computer Management Console.
- Click the Groups folder and double-click Users in the right pane to open the group's properties.
- Click NT AUTHORITY\INTERACTIVE.
- Select Remove, then click OK.

Note: In some cases, the NT AUTHORITY\INTERACTIVE entry may not be present. If it isn't, then user accounts cannot be added or modified.
--------------------------------------------------------------------
Adesh Rampat has 10 years' experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
====================================================================
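A command-line version of the check in the steps above, added here as an example and not part of the original tip. It uses the built-in net localgroup command to report whether NT AUTHORITY\INTERACTIVE is a member of the Users and Power Users groups (the two groups the tip names), and removes the entry only when run with /fix, a switch invented for this script.

```batch
@echo off
rem Added example, not from the original tip.
rem Reports whether NT AUTHORITY\INTERACTIVE is a member of the local
rem Users and Power Users groups. Run with /fix (a switch made up for
rem this script) from an administrator account to remove it where found.
setlocal
set PRINCIPAL=NT AUTHORITY\INTERACTIVE

call :check "Users" %1
call :check "Power Users" %1
endlocal
goto :eof

:check
rem %1 = quoted local group name, %2 = optional /fix switch
rem find sets errorlevel 1 when the principal is not in the member list
rem (also the case when the group does not exist on this machine).
net localgroup %1 2>nul | find /i "%PRINCIPAL%" >nul
if errorlevel 1 (
    echo %~1: %PRINCIPAL% is not a member
    goto :eof
)
echo %~1: %PRINCIPAL% IS a member
rem Remove the membership only when explicitly asked to.
if /i "%~2"=="/fix" net localgroup %1 "%PRINCIPAL%" /delete
goto :eof
```

Run it without arguments first to record the current membership before changing anything.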
