Re: Active Directory user goes corrupt

[Saurabh Thakrar <SThakrar () nyx com>]

Peter O.,

In addition to some suggestions given by Peter S.;
While you have this possible corrupt account on hand, 
Since you took over this job recently, you may not know all the privileges that this user is suppose to have.

Instead of providing individual privileges to this newly created user account in AD...

Does this user in question belong to any group (i.e. - finance, marketing, etc...)?

If so, simply assign this newly created user to that group. This will get the user up and running in very short time...

Hope this helps,

------Original Message------
From: petersetlak () me com
To: Peter Odigie
Cc: security-basics () securityfocus com
Cc: pen-test () securityfocus com
Subject: Re: Active Directory user goes corrupt
Sent: Aug 17, 2010 2:52 PM

Peter,

A single corrupt profile does not necessarily indicate a corrupt Active Directory. Some pointers - O'reilly has a book 
called the Active Directory Cookbook - it's good. In the meantime, his profile can become corrupt if he has rights to 
change things, settings, download and install, etc. Be sure his user only has rights to do what he needs to do - 
nothing more. You may also want to investigate making his user profile "mandatory" as well as try to pull as many 
settings and control of his environment back in to AD policies giving you more centralized control over users' settings.

As I don't know any details of your environment, the above are just suggestions...

-

Peter J. Setlak
petersetlak () me com

Sent from my iPad

On Aug 17, 2010, at 6:10 AM, Peter Odigie <peterodigie () gmail com> wrote:

> Hi All!
>
> I am new to active directory and I am presently managing one in a firm. A
> staff comes to me and says his desktop contents are no longer there and wit
> his login he cannot open packages on the his system.  Initially, I thought
> it was his computer but after I logged in with my own user and he tried
> logging into the domain on other computers he had the same problem. It seems
> his user profile on the server (Windows Server 2003) has gone corrupt. 
>
> How did that happen? And what am I to do? These are the questions on my
> head.  In the main time I have created another user for him and I am going
> through the pain of transferring giving him privileges to what he should
> have access to.  Any help?
>
> Also, I will like a recommendation of where I can get some free books on
> Active directory management.
>
> Thanks!
>
> Peter
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------



Thank You,
Saurabh A. Thakrar
Application Security Engineer | Information Security | NYSE Euronext
P: 312.442.7099 | BB: 312.316.2834 | sthakrar () nyx com
Please consider the environment before printing this email.

Visit our website at http://www.nyse.com

****************************************************

Note:  The information contained in this message and any attachment to it is privileged, confidential and protected 
from disclosure.  If the reader of this message is not the intended recipient, or an employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited.  If you have received this communication in error, please notify 
the sender immediately by replying to the message, and please delete it from your system.  Thank you.  NYSE Euronext.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------