| VID |
27024 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The account exists in the Administrators Group.
The group "Administrators" is a built-in local group at installation time of Windows NT, 2000 and XP. "Administrator" account belongs to this group by default, and "Domain Admins" group belongs to it when the system is a member of the domain, and "Enterprise Admins" group belongs to it when this system is a domain controller. Members of the "Administrators" group can create, delete, and manage user accounts and groups. They grant resource permissions and install OS files, program(such as hardware drivers, system services and so on), and Service Pack/Windows Pack. As a result, they gain the full control over the system. Account and Group management is important for preventing unauthorized access to the system. It needs to verify that the detected accounts are right members of this group.
* Platforms Affected :
Microsoft Windows Any version |
| Recommendation |
Remove the account from the group, if the account isn't reasonable.
For Windows NT:
1. Go to the Start ¡æ Programs ¡æ Administrative Tools(Common) ¡æ Domain User Manager
2. Select the user of interest from the list and Select the [Properties] from the [User] menu.
3. Click [Group] from the "User Properties" windows.
4. Select the group name from the member list and Click the [Remove] button.
For Windows 2000 domain:
1. Open the "dsa.msc" with [Run] of Start menu.
2. Select the user of users list from Active Directory Users and Computer Management windows and Select the [Properties] for the user of interest.
3. Select the [Group] tab from the Properties windows.
4. Select the group of interest and Click [Remove] button.
For Windows 2000, XP:
1. Open the Local Users and Groups Management Console by entering the "lusrmgr.msc" into the [Run] of Start menu.
2. Open the [Group] folder of the Local Users and Groups windows.
3. Select the group of interest from group list and Select the [Properties].
4. Select the user of members in the group and Click the [Remove] button.
For Windows 2003, VISTA, 7, 2008, 8, 2012, 10, 2016, 2019:
1. Start menu, select Run and then execute lusrmgr.msc
2. Open [Local Users and Groups] -> [Groups] folder
3. Select the group of interest from group list and Select the [Properties].
4. Select the user of members in the group and Click the [Remove] button. |
| Related URL |
CVE-1999-0603 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
1293 (ISS) |
|
