That's called Null Session Enumeration. The GFI Languard Network Scanner can be set up to connect via null session, and enumerate from there. Download it, and fire it at his unprotected, outward facing IP address. WinXP and Win2003 have Null Sessions disabled by default. All others have it enabled by default, but the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymou s is used to disable it. See http://tinyurl.com/ssd7 Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. ________________________________ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Beckett Posted At: Friday, August 20, 2004 4:29 PM Posted To: Windows 2000 Conversation: [windows2000] Re: Changing Domain Administrator account name Subject: [windows2000] Re: Changing Domain Administrator account name Speaking of admin account. What is the exploit that allows a readout of local users on an internet exposed machine against a Windows box? My boss doesn't believe me. -----Original Message----- From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx] Sent: Friday, August 20, 2004 11:30 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Changing Domain Administrator account name You've got it right on all accounts... yes, that is how you rename it, and yes, the "separate account" method is a "Best Practice" that is good to follow. Not easy to follow, especially if you don't start off that way. But with the advent of "Run As" and "Manage Your Server" it is now much easier... HTH, Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. ________________________________ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Jesse Posted At: Friday, August 20, 2004 11:22 AM Posted To: Windows 2000 Conversation: [windows2000] Re: Changing Domain Administrator account name Subject: [windows2000] Re: Changing Domain Administrator account name Pardon the ignorance, in Active Directory Users and Computers, right click on the Administrator account and click rename? An a follow up question, is it best practice to have a separate account that is a member of domain administrators or use the same. For example, my day to day account jjesse would not be a domain admin but then have a domain admin account jjadmin or something like that I would use to work on administrating my network? Hopefully that makes sense Jonathan Jesse Network Specialist Founders Trust Personal Bank This page and any accompanying documents contain confidential information intended for a specific individual and purpose. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ________________________________ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn Sent: Friday, August 20, 2004 11:16 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Changing Domain Administrator account name If you just want to rename the administrator account, go ahead. As a matter of fact, I highly recommend renaming the admin account, disabling it, and then creating a new account called "Administrator" with no rights. Since the SID-1 account (the administrator) cannot be locked out, no matter how many times someone tries to brute force it, it is critical that you rename this account to something else. And then the dummy account is a way of phishing for crackers... monitor it for lockout/failures, and you will be on the right track. Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. ________________________________ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Jesse Posted At: Friday, August 20, 2004 10:58 AM Posted To: Windows 2000 Conversation: [windows2000] Changing Domain Administrator account name Subject: [windows2000] Changing Domain Administrator account name Was recently asked by my boss to look into changing the domain administrator account from administrator to something else. Could someone point me to some documentation, haven't found any so far on Microsoft's site, but I'm just starting Thanks in advance, Jonathan Jesse Network Specialist Founders Trust Personal Bank This page and any accompanying documents contain confidential information intended for a specific individual and purpose. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm