Hello Hong, this DOES happen on Windows NT. This is a 'feature' of NTLM Authentication. You can, in fact, set your local administrator password to the same thing as the domain administrator and have domain admin priveliges everywhere.
Anyway, it's not a bug, but a feature. If you move your domain to native mode and implement Kerberos authentication (list - correct me if i am wrong) you should get rid of this problem. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -----Ursprüngliche Nachricht----- Von: hong li [mailto:[EMAIL PROTECTED] Gesendet: Wednesday, July 02, 2003 4:35 PM An: [EMAIL PROTECTED] Betreff: Security issue in Windows 2000? If you use the same password for the local administrator on workstations as all other servers's local administrator, (even domain administrator),the local administrator can gain full access to any servers without asking domain info if you logon locally using local administrator account. You even can map to \\servername\c$ whihout asking any domain users info. I recalled this never happenes in NT environment and it always pops you doamin userinfo when you access any server in the doamin if you log on locally. Is this the security hole in Windows 2000 environment or something else? Thanks in advance, Hong __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------