SecurityFocus

Discovering Active Direcory users with blank passwords Apr 02 2007 04:43PM
igor mamuzic koncar-inem hr (5 replies)

Discovering Active Direcory shared or Service users account Apr 03 2007 02:25PM
Biassoni Riccardo (r biassoni reply it) (3 replies)

Re: Discovering Active Direcory shared or Service users account Apr 04 2007 12:59PM
Chris Costantino (clckct yahoo com)

RE: Discovering Active Direcory shared or Service users account Apr 03 2007 05:53PM
Talkovic, Scott A. (satalkov uci edu) (1 replies)

RE: Discovering Active Direcory shared or Service users account Apr 08 2007 02:00AM
David LeBlanc (dleblanc mindspring com)

Re: Discovering Active Direcory shared or Service users account Apr 03 2007 03:18PM
James (njan) Eaton-Lee (james mailing gmail com)

Biassoni Riccardo wrote:
> Hi All,
>
> Is there a way to discover Active Directory "Shared" user account or "Service" users Account for auditing purpose?
> I have domain admin privileges and local access to my domain controllers.

In AD, there's no inherent difference between a service account and a
regular user account. In order to actually do this, then, you'd have to
actually find some characteristic of these accounts in your environment,
such as:

+ Being logged onto multiple workstations at once
+ Having services configured using the account
+ Having a particular naming scheme

Obviously these are going to be fairly environment specific, but there
are ways of finding them out (psloggedon and wmic, for instance).
They're going to take a substantial amount of effort to figure out
however, and investigate if you don't have a consistent way of managing
service accounts.

The short answer is: How good's your vbscript/wmi?

- James.

--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

"All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again"

https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
0? *?H?÷
?0?10 +0? *?H?÷
? ü0?ú0?â `0
*?H?÷
0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷
support (at) cacert (dot) org0 [email concealed]
061218190127Z
071218190127Z0B10UCAcert WoT User1&0$ *?H?÷
james.mailing (at) gmail (dot) com0 [email concealed]?"0
*?H?÷
?0?
?ër&âQ?p?ËOÏD±x??D÷u?)¢×?O?K·¨íÌ³u#ú/¹CFu'Ü³iÖHhþZ}?¾p¯?1.)ó?W
È¶º`æ¦à®?»zÓçµ?XQ?ÚZ±5!¥5°Í* êX¿?i?«>ïð¼¬å½mt?E?@
Txúj&U=bh&¼??ø¶·lÙÓj¦È@ÄÞ?j?¬??â3EiÂíKÁ??;À»ÅËD?
¶ô@Ï¥?/;>r¹»ü??ñýÇñ?X?º/e¿S®}?'?6öâÅ???^¡êG?ål`P{?r»{@Û6¼B¹ j!Õ?X«£Á0¾0Uÿ00V `?H?øB
IGTo get your own certificate for FREE head over to http://www.CAcert.org02+&0$0"+0?http://ocsp.cacert.or
g0"U0james.mailing (at) gmail (dot) com0 [email concealed]
*?H?÷
?s@UgOrþ´²?ãMÈ{P±"MôØÀÅ¢zp«?ø1+ HX[M?ÆbÞñ@H½]pÆté?X¼à/öïN
+Aå{??FÅ8lf§/2ïÙ²Ü)µü2ýt?®Ô¸~?ên<?°2?Åã? CÝ8¥?Gå?oþ°´x³¹ß4Lsî¸LÌ?&lZ¡Ú?Â^Ó,?Àþ/NrÌZô°Ê¤Ö?~"i0*yYí¡
[ÈF4¥#ÎP¨t?® Ã{è¤{?
ªg?#-9Ö<®iFãª"À?"Û¸FJFûÏýQÅÔßhv~Ü.?®N?oK7Yãk?w¤H?ñ1w\je!Õ2
å?³óåÒÿ?òµ¡?eþrL*©ÑÍ¾~"Ë×N#âéÊ6Û?]Vkx¬D³Èñ°??¬J?tbµ?ÔÊªíäÖs:
t??xSbö5¯fû¿$IGÅóâÔ7·âm?ÞYô<í <üxõ¯jBÑ4"êt?«»ÕÎä¸?[Ë³a5-Ì¨^ËWÙÓ1ìvc$¹ñ?ÀNÝS[ÜÁý¢)ó?Ï%{¿ üg=ë?å»uS¬BQ~Õ®3?GÛX?gbé~àBÚ?eàÑn%ót?vÊF?gGÌº?þ?^,*èx3k?÷táZrf'¥??Å0
?ú0?â `0
*?H?÷
0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷
support (at) cacert (dot) org0 [email concealed]
061218190127Z
071218190127Z0B10UCAcert WoT User1&0$ *?H?÷
james.mailing (at) gmail (dot) com0 [email concealed]?"0
*?H?÷
?0?
?ër&âQ?p?ËOÏD±x??D÷u?)¢×?O?K·¨íÌ³u#ú/¹CFu'Ü³iÖHhþZ}?¾p¯?1.)ó?W
È¶º`æ¦à®?»zÓçµ?XQ?ÚZ±5!¥5°Í* êX¿?i?«>ïð¼¬å½mt?E?@
Txúj&U=bh&¼??ø¶·lÙÓj¦È@ÄÞ?j?¬??â3EiÂíKÁ??;À»ÅËD?
¶ô@Ï¥?/;>r¹»ü??ñýÇñ?X?º/e¿S®}?'?6öâÅ???^¡êG?ål`P{?r»{@Û6¼B¹ j!Õ?X«£Á0¾0Uÿ00V `?H?øB
IGTo get your own certificate for FREE head over to http://www.CAcert.org02+&0$0"+0?http://ocsp.cacert.or
g0"U0james.mailing (at) gmail (dot) com0 [email concealed]
*?H?÷
?s@UgOrþ´²?ãMÈ{P±"MôØÀÅ¢zp«?ø1+ HX[M?ÆbÞñ@H½]pÆté?X¼à/öïN
+Aå{??FÅ8lf§/2ïÙ²Ü)µü2ýt?®Ô¸~?ên<?°2?Åã? CÝ8¥?Gå?oþ°´x³¹ß4Lsî¸LÌ?&lZ¡Ú?Â^Ó,?Àþ/NrÌZô°Ê¤Ö?~"i0*yYí¡
[ÈF4¥#ÎP¨t?® Ã{è¤{?
ªg?#-9Ö<®iFãª"À?"Û¸FJFûÏýQÅÔßhv~Ü.?®N?oK7Yãk?w¤H?ñ1w\je!Õ2
å?³óåÒÿ?òµ¡?eþrL*©ÑÍ¾~"Ë×N#âéÊ6Û?]Vkx¬D³Èñ°??¬J?tbµ?ÔÊªíäÖs:
t??xSbö5¯fû¿$IGÅóâÔ7·âm?ÞYô<í <üxõ¯jBÑ4"êt?«»ÕÎä¸?[Ë³a5-Ì¨^ËWÙÓ1ìvc$¹ñ?ÀNÝS[ÜÁý¢)ó?Ï%{¿ üg=ë?å»uS¬BQ~Õ®3?GÛX?gbé~àBÚ?eàÑn%ót?vÊF?gGÌº?þ?^,*èx3k?÷táZrf'¥??Å1
??0??0?0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷
support (at) cacert (dot) org [email concealed]`0 + ?Û0 *?H?÷
1 *?H?÷
0 *?H?÷
1
070403151824Z0# *?H?÷
1bæ÷¼
f-D,ó®?\?Ì¾i0R *?H?÷
1E0C0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0? +?71?0?0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷
support (at) cacert (dot) org [email concealed]`0?*?H?÷
1? ?0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷
support (at) cacert (dot) org [email concealed]`0
*?H?÷
??8æ?v÷?ÒÚ?µ?½f«¥«ù=$Ü,p?qª)óR!ü02A·Ù???8¹øJ®Ö-lmOÄùMýÎ2]Un
Ï?ñ©lµúy>|#???2ZïÙ»l?]Þ?ìA? ?±ôvª~²<?Ë?]pJøÓô5?ÓÕ©ì7ÈY¶êóÈìWÓp$^®Öd8?6¨ÅgK??¨?ý_³U???"?CWýW V]®täpld<%ÏÑ¤*í\Ì©?ó;Gé?ú?¹i?<#+ëÒþ¼»ß}³;$FæÎÓ?£ÔCÑ£¥ÓKéµ½¨?wÜÇ?o5\Y
?^iÞáiõ±cK??¶

[ reply ]

RE: Discovering Active Direcory users with blank passwords Apr 03 2007 02:04PM
Goran Pizent (goran pizent mobilnet hr)

RE: Discovering Active Direcory users with blank passwords Apr 02 2007 07:55PM
Kunz, Jeffrey T. (JKunz foley com) (1 replies)

Re: Discovering Active Direcory users with blank passwords Apr 03 2007 12:03AM
Kevin Gay (rot_betruger sbcglobal net) (2 replies)

Re: Discovering Active Direcory users with blank passwords Apr 03 2007 02:17PM
Raoul Armfield (armfield amnh org)

Re: Discovering Active Direcory users with blank passwords Apr 03 2007 02:01PM
pimp mastermind (gbchustla gmail com)

RE: Discovering Active Direcory users with blank passwords Apr 02 2007 07:51PM
eric (eric ch13-12westtex org)

Re: Discovering Active Direcory users with blank passwords Apr 02 2007 06:46PM
c0d3w12 c0d3w12 (c0d3vv12 gmail com)