Focus on Microsoft
w2k server compromised Jan 23 2003 08:16AM
Dan Uscatu (duscatu lunatech ro) (4 replies)
RE: w2k server compromised Jan 24 2003 07:59AM
Laura A. Robinson (larobins bellatlantic net)
Re: w2k server compromised Jan 24 2003 01:31AM
H C (keydet89 yahoo com)
Re: w2k server compromised Jan 23 2003 10:14PM
Kurt Seifried (bt seifried org)
> hey all
>
> I just found one of the w2k servers to be infected and acting very
> strangely.
> Unfortunately it is a domain controller and it has all the
> users/computers lists.
>
> How can I export these before reinstall in order to keep the exact same
> configuration (everything except passwords of course)?
> I suppose this could be useful to be done on a regular basis too...
>
> TIA

Create a BDC (backup domain controller), any old system will do from the
sounds of it (if you only have one PDC and no BDCs then your network
probably isn't too large), attach it to the network, it will sync with the
PDC, you now have a copy of all accounts/passwords, you may need to manually
copy profiles/etc/etc, do so. Then unplug the PDC, and promote the BDC to a
PDC. Voila. A new clean PDC. Repeat as needed if you want to swap the old
PDC back in, but this may be a good excuse to get a new server for the PDC.
Plus this leaves the old PDC for forensics examination.

You may also want to enable a lot more logging in future and have Windows
auto-update installed, as well as an anti-virus package etc, etc.

Kurt Seifried, kurt (at) seifried (dot) org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

Copyright 2010, SecurityFocus