[THIN] Re: Terminal Services Configuration
- From: "Berny Stapleton" <berny@xxxxxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Mon, 23 Jun 2008 14:17:00 +0100
That's exactly how I am recovering the account at the moment while I am
doing up the build. In the long term though, this won't be a requirement and
if we have to do anything, it's will be because the box has been compromised
and then it's cloning, examination and a rebuild with a fix.
The new admin account already has permissions over those keys, so that's not
it.
Berny
2008/6/23 Adam Thompson <adwulf@xxxxxxxxx>:
> 2008/6/23 Berny Stapleton <berny@xxxxxxxxxxxxxxxxx>:
> > The administrator account on this host is disabled, and I am trying to
> > replace it. Effectively, I want the Administrator SID to be useless,
> > unfortunately from what I have seen so far is that Windows is hard coded
> in
> > places to use the Administrator SID, so this is going to be impossible. I
> > would like to get as close to it as possible though.
> >
> > The only way I can get the admin account back now is to boot off a CD and
> > modify the registry offline.
> >
>
> You should be able to regain access to the Administrator account by
> using the bootdisk at:
> http://home.eunet.no/pnordahl/ntpasswd/
> - it will unlock and enable the administrator account, as well as
> reset the password.
>
> To allow non-admins the rights to modify the TS configuration, I'd run
> some regmon/filemon traces to see where the config is kept.
> Then create a group (eg TermServAdmins) and grant modify permissions
> on those files/keys for that group.
>
> Start by looking at HKLM\Software\Policies\Microsoft\Windows
> NT\Terminal Services
> and
> HKLM\Software\Windows NT\Current Version\Terminal Server
>
> and seeing what the current permissions are. You might be able to
> fine-tune the permissions a bit (so some TS admins can do certain
> things, but not others).
>
> --
> AdamT
> "At times one remains faithful to a cause only because its opponents
> do not cease to be insipid." - Nietzsche
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://www.freelists.org/list/thin
> NEW! Follow Thin List on Twitter!
> http://twitter.com/thinlist
> Thin List discussion is now available in blog format at:
> http://thinmaillist.blogspot.com
> HOT! Thinlist MOBILE Feed!
> http://thinlist.net/mobile
> Thinlist quick pick
> http://thinlist.net
> ************************************************
>
>
- References:
- [THIN] Terminal Services Configuration
- From: Berny Stapleton
- [THIN] Re: Terminal Services Configuration
- From: Joe Shonk
- [THIN] Re: Terminal Services Configuration
- From: Berny Stapleton
- [THIN] Re: Terminal Services Configuration
- From: Adam Thompson
Other related posts:
- » [THIN] Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- » [THIN] Re: Terminal Services Configuration
- [THIN] Terminal Services Configuration
- From: Berny Stapleton
- [THIN] Re: Terminal Services Configuration
- From: Joe Shonk
- [THIN] Re: Terminal Services Configuration
- From: Berny Stapleton
- [THIN] Re: Terminal Services Configuration
- From: Adam Thompson