Vulnerability Development mailing list archives

the microsoft hack & windows 2000


From: Masial <masial () SECURED ORG>
Date: Mon, 30 Oct 2000 02:13:40 -0500

Hi list,

I was reading this piece on /. about the MS hack and it got me thinking that
Microsoft might be right on something.

<SNIP>
"How about how someone who had the ability to create accounts on the
network, if the incident only did last a week as the article implied, could
only perhaps have a 'brief glimpse of the source code.' I don't know about
you, but even on a 2400 baud modem, I think I could probably download more
than a glimpse."
</SNIP>

Now I was saying to myself, well this guy is thinking NT. But in Windows
2000, you can have a user that's able to create accounts in a certain scope
while having absolutely no rights on the source safe servers. Is it possible
that Windows 2000 will bring new shades in accounts hacking? How do you get
out of a partial-admin account? Where can you elevate your privileges?

In light of the new Active Directory, you might have an account with the
ability to change properties A, B and C of an object while having a
permission denied on some other. My real question here is, is that just
security through obscurity? Obfuscate your enemy. Or is it possible that
splitting up the admin's rights proves helpful to the security of Win2000
based networks?

food for thought

M.

