| VID |
27025 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The account exists in the Account Operators Group.
The group "Account Operators" is a built-in local group only on domain controllers during Active Directory installation for Windows NT, 2000 and XP, and has no members. Members of the "Account Operators" group can create, modify, and delete accounts for users, groups, and computers in all containers and organizational units(OUs) of Active Directory except the built-in container and Domain Controllers OU. But, they cannot modify the administrators and Domain Administrators groups, nor do they can modify the accounts for members of those groups. This group is modified by Administrators, Account Operators, and Server Operators. Account and Group management is important for preventing unauthorized access to the system. It needs to verify that the detected accounts are right members of this group.
* Note : Organizational Unit(OU) is an Active Directory container object used within domains. It is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. For more information, refer to "Active Directory" from the windows help : http://www.microsoft.com/windows2000/en/server/help
* Platforms Affected:
Microsoft Windows Any version
* References:
http://www.iss.net/security_center/static/1279.php |
| Recommendation |
Remove the account from the group, if the account isn't reasonable.
For Windows NT:
1. Go to the Start ¡æ Programs ¡æ Administrative Tools(Common) ¡æ Domain User Manager
2. Select the user of interest from the list and Select the [Properties] from the [User] menu.
3. Click [Group] from the "User Properties" windows.
4. Select the group name from the member list and Click the [Remove] button.
For Windows 2000 domain:
1. Open the "dsa.msc" with [Run] of Start menu.
2. Select the user of users list from Active Directory Users and Computer Management windows and Select the [Properties] for the user of interest.
3. Select the [Group] tab from the Properties windows.
4. Select the group of interest and Click [Remove] button.
For Windows 2000, XP:
1. Open the Local Users and Groups Management Console by entering the "lusrmgr.msc" into the [Run] of Start menu.
2. Open the [Group] folder of the Local Users and Groups windows.
3. Select the group of interest from group list and Select the [Properties].
4. Select the user of members in the group and Click the [Remove] button.
For Windows 2003, VISTA, 7, 2008, 8, 2012, 10, 2016, 2019:
1. Start menu, select Run and then execute lusrmgr.msc
2. Open [Local Users and Groups] -> [Groups] folder and select the User.
3. Select the 'Properties' menu for the Group.
4. Select the group name from the member list and Click the [Remove] button. |
| Related URL |
CVE-1999-0603 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
