Re: Re: 'Read only' Admin privileges for Active Directory environment?

[sfmailsbm () gmail com]

1. Query Active Directory

As a 'normal' user, anyone can query AD, you can install "AD Administration tool" on your machine and launch your query 

There will be some properties that you will not be able to access, but i think this would be a good place to start


You can also look for other tools available to launch queries, if domain admin rights are required, you can request 
your admins to launch the query (you can sit next to him to male sure he is not tampering with the reports ;)

2. Trust the admins

Its true, we must trust our admins, but can we have full trust on them?

We can never really fully trust anyone, this is why we have sections like Internal Audit & Information Security to look 
for malpractices




---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and  
practice to master. We can't teach you to hack. But we can teach you  
what we've learned so far. Our courses are honest, real, technical  
and practical. SensePost willl be at Black Hat Vegas in July. To see  
what we're about, visit us at: 

http://www.sensepost.com/training.html
---------------------------------------------------------------------------