|
sql
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
can someone login as "NT AUTHORITY\SYSTEM "
Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT
AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to one of our servers. I log both the failed and successful logins and both of the above logins were used recently. Do they have passwords that can be set? What would be the implications if I removed both of them from "security/logins"? I'm running both the server service and agent service with a different login so it wouldn't affect the jobs. Thanks, -- Dan D. Hi Dan
These are the name of the accounts when you specify local system or network service as the accounts in which a service runs under see http://msdn2.microsoft.com/en-us/library/ms191543.aspx John Show quoteHide quote "Dan D." wrote: > Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT > AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to > one of our servers. I log both the failed and successful logins and both of > the above logins were used recently. Do they have passwords that can be set? > > What would be the implications if I removed both of them from > "security/logins"? I'm running both the server service and agent service with > a different login so it wouldn't affect the jobs. > > Thanks, > -- > Dan D. I came across an article today about how someone could log in as NT AUTHORITY
through the cmd window using the task scheduler and I got a little concerned. Thanks for the article. -- Show quoteHide quoteDan D. "John Bell" wrote: > Hi Dan > > These are the name of the accounts when you specify local system or network > service as the accounts in which a service runs under see > http://msdn2.microsoft.com/en-us/library/ms191543.aspx > > John > > "Dan D." wrote: > > > Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT > > AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to > > one of our servers. I log both the failed and successful logins and both of > > the above logins were used recently. Do they have passwords that can be set? > > > > What would be the implications if I removed both of them from > > "security/logins"? I'm running both the server service and agent service with > > a different login so it wouldn't affect the jobs. > > > > Thanks, > > -- > > Dan D. Hi Dan
Could you can post a link to the article? John Show quoteHide quote "Dan D." wrote: > I came across an article today about how someone could log in as NT AUTHORITY > through the cmd window using the task scheduler and I got a little concerned. > Thanks for the article. > -- > Dan D. > > > "John Bell" wrote: > > > Hi Dan > > > > These are the name of the accounts when you specify local system or network > > service as the accounts in which a service runs under see > > http://msdn2.microsoft.com/en-us/library/ms191543.aspx > > > > John > > > > "Dan D." wrote: > > > > > Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT > > > AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to > > > one of our servers. I log both the failed and successful logins and both of > > > the above logins were used recently. Do they have passwords that can be set? > > > > > > What would be the implications if I removed both of them from > > > "security/logins"? I'm running both the server service and agent service with > > > a different login so it wouldn't affect the jobs. > > > > > > Thanks, > > > -- > > > Dan D. Sometimes the page doesn't render correctly. You may have to scroll down to
see the beginning of the article. http://www.ozzu.com/ftopic1337.html -- Show quoteHide quoteDan D. "John Bell" wrote: > Hi Dan > > Could you can post a link to the article? > > John > > "Dan D." wrote: > > > I came across an article today about how someone could log in as NT AUTHORITY > > through the cmd window using the task scheduler and I got a little concerned. > > Thanks for the article. > > -- > > Dan D. > > > > > > "John Bell" wrote: > > > > > Hi Dan > > > > > > These are the name of the accounts when you specify local system or network > > > service as the accounts in which a service runs under see > > > http://msdn2.microsoft.com/en-us/library/ms191543.aspx > > > > > > John > > > > > > "Dan D." wrote: > > > > > > > Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT > > > > AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to > > > > one of our servers. I log both the failed and successful logins and both of > > > > the above logins were used recently. Do they have passwords that can be set? > > > > > > > > What would be the implications if I removed both of them from > > > > "security/logins"? I'm running both the server service and agent service with > > > > a different login so it wouldn't affect the jobs. > > > > > > > > Thanks, > > > > -- > > > > Dan D. Hi Dan
The article is talking about a vunerability highlighted in http://support.microsoft.com/?kbid=823980 that can be exploited by a specific worm, rather than something actually logging in a the account. You should make sure that your system is patched to a level which does not have this issue. Tools like Microsoft Baseline Security Advisor will help you configure your systems check out http://msdn2.microsoft.com/en-us/library/aa302360.aspx John Show quoteHide quote "Dan D." wrote: > Sometimes the page doesn't render correctly. You may have to scroll down to > see the beginning of the article. > > http://www.ozzu.com/ftopic1337.html > > -- > Dan D. > > > "John Bell" wrote: > > > Hi Dan > > > > Could you can post a link to the article? > > > > John > > > > "Dan D." wrote: > > > > > I came across an article today about how someone could log in as NT AUTHORITY > > > through the cmd window using the task scheduler and I got a little concerned. > > > Thanks for the article. > > > -- > > > Dan D. > > > > > > > > > "John Bell" wrote: > > > > > > > Hi Dan > > > > > > > > These are the name of the accounts when you specify local system or network > > > > service as the accounts in which a service runs under see > > > > http://msdn2.microsoft.com/en-us/library/ms191543.aspx > > > > > > > > John > > > > > > > > "Dan D." wrote: > > > > > > > > > Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT > > > > > AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to > > > > > one of our servers. I log both the failed and successful logins and both of > > > > > the above logins were used recently. Do they have passwords that can be set? > > > > > > > > > > What would be the implications if I removed both of them from > > > > > "security/logins"? I'm running both the server service and agent service with > > > > > a different login so it wouldn't affect the jobs. > > > > > > > > > > Thanks, > > > > > -- > > > > > Dan D. Thanks. I do run the Baseline Security Analyzer.
-- Show quoteHide quoteDan D. "John Bell" wrote: > Hi Dan > > The article is talking about a vunerability highlighted in > http://support.microsoft.com/?kbid=823980 that can be exploited by a specific > worm, rather than something actually logging in a the account. You should > make sure that your system is patched to a level which does not have this > issue. Tools like Microsoft Baseline Security Advisor will help you configure > your systems check out http://msdn2.microsoft.com/en-us/library/aa302360.aspx > > John > > "Dan D." wrote: > > > Sometimes the page doesn't render correctly. You may have to scroll down to > > see the beginning of the article. > > > > http://www.ozzu.com/ftopic1337.html > > > > -- > > Dan D. > > > > > > "John Bell" wrote: > > > > > Hi Dan > > > > > > Could you can post a link to the article? > > > > > > John > > > > > > "Dan D." wrote: > > > > > > > I came across an article today about how someone could log in as NT AUTHORITY > > > > through the cmd window using the task scheduler and I got a little concerned. > > > > Thanks for the article. > > > > -- > > > > Dan D. > > > > > > > > > > > > "John Bell" wrote: > > > > > > > > > Hi Dan > > > > > > > > > > These are the name of the accounts when you specify local system or network > > > > > service as the accounts in which a service runs under see > > > > > http://msdn2.microsoft.com/en-us/library/ms191543.aspx > > > > > > > > > > John > > > > > > > > > > "Dan D." wrote: > > > > > > > > > > > Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT > > > > > > AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to > > > > > > one of our servers. I log both the failed and successful logins and both of > > > > > > the above logins were used recently. Do they have passwords that can be set? > > > > > > > > > > > > What would be the implications if I removed both of them from > > > > > > "security/logins"? I'm running both the server service and agent service with > > > > > > a different login so it wouldn't affect the jobs. > > > > > > > > > > > > Thanks, > > > > > > -- > > > > > > Dan D. Hi Dan
Hopefully you have patched this, make sure that you keep your MBSA up to date. John Show quoteHide quote "Dan D." wrote: > Thanks. I do run the Baseline Security Analyzer. > -- > Dan D. > > > "John Bell" wrote: > > > Hi Dan > > > > The article is talking about a vunerability highlighted in > > http://support.microsoft.com/?kbid=823980 that can be exploited by a specific > > worm, rather than something actually logging in a the account. You should > > make sure that your system is patched to a level which does not have this > > issue. Tools like Microsoft Baseline Security Advisor will help you configure > > your systems check out http://msdn2.microsoft.com/en-us/library/aa302360.aspx > > > > John > > > > "Dan D." wrote: > > > > > Sometimes the page doesn't render correctly. You may have to scroll down to > > > see the beginning of the article. > > > > > > http://www.ozzu.com/ftopic1337.html > > > > > > -- > > > Dan D. > > > > > > > > > "John Bell" wrote: > > > > > > > Hi Dan > > > > > > > > Could you can post a link to the article? > > > > > > > > John > > > > > > > > "Dan D." wrote: > > > > > > > > > I came across an article today about how someone could log in as NT AUTHORITY > > > > > through the cmd window using the task scheduler and I got a little concerned. > > > > > Thanks for the article. > > > > > -- > > > > > Dan D. > > > > > > > > > > > > > > > "John Bell" wrote: > > > > > > > > > > > Hi Dan > > > > > > > > > > > > These are the name of the accounts when you specify local system or network > > > > > > service as the accounts in which a service runs under see > > > > > > http://msdn2.microsoft.com/en-us/library/ms191543.aspx > > > > > > > > > > > > John > > > > > > > > > > > > "Dan D." wrote: > > > > > > > > > > > > > Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT > > > > > > > AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to > > > > > > > one of our servers. I log both the failed and successful logins and both of > > > > > > > the above logins were used recently. Do they have passwords that can be set? > > > > > > > > > > > > > > What would be the implications if I removed both of them from > > > > > > > "security/logins"? I'm running both the server service and agent service with > > > > > > > a different login so it wouldn't affect the jobs. > > > > > > > > > > > > > > Thanks, > > > > > > > -- > > > > > > > Dan D.  
Other interesting topics
Need help troubleshooting a memory paging issue
List of running stored procedures limited permissions on test server for developers Spid checker query help Low Disk Space Delete records in a table with 15 dependencies how to remove the sql server registry mess? Remote Production Database Issue Installed SQL2000 SP4 successfully but still shows RTM as installe CHECKING the TRANSACTION LOG |
|||||||||||||||||||||||
