Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Discovering Active Direcory shared or Service users account

from [James (njan) Eaton-Lee] Network Security [Permanent Link]
Subject: Re: Discovering Active Direcory shared or Service users account
Date: Tue, 03 Apr 2007 16:18:24 +0100
Biassoni Riccardo wrote: 
Hi All,

Is there a way to discover Active Directory "Shared" user account or "Service" users Account for auditing purpose? I have domain admin privileges and local access to my domain controllers.

In AD, there's no inherent difference between a service account and a regular user account. In order to actually do this, then, you'd have to actually find some characteristic of these accounts in your environment, such as:

+ Being logged onto multiple workstations at once
+ Having services configured using the account
+ Having a particular naming scheme

Obviously these are going to be fairly environment specific, but there are ways of finding them out (psloggedon and wmic, for instance). They're going to take a substantial amount of effort to figure out however, and investigate if you don't have a consistent way of managing service accounts.

The short answer is: How good's your vbscript/wmi?

 - James.

--
  James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

   "All at sea again / And now my hurricanes
   Have brought down this ocean rain / To bathe me again"

 https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Discovering Active Direcory users with blank passwords, igor . mamuzic
Next by Date:  RE: Discovering Active Direcory shared or Service users account, Talkovic, Scott A.
Previous by Thread:  Discovering Active Direcory shared or Service users account, Biassoni Riccardo
Next by Thread:  RE: Discovering Active Direcory shared or Service users account, Talkovic, Scott A.
Indexes:  [Date] [Thread] [Top] [All Lists]