Announcement

Collapse
No announcement yet.

Insecure???

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Insecure???

    I have an NT 4.0 Wkstn (SP6a). I log into a domain (I am also a member of the local administrator group on my wkstation).

    I do NOT have administrator access to the domain. Using Hyena I am able to view the machines on the domain (and other domains I believe are trusted).

    I can click on any computer and under it, the shares. I then can view, copy, delete etc. Any information on anyone's computer. This is pretty insecure. What does Hyena use to do this? (function in NT --- which specific???) What can be done to secure this?
    Tags: None
  • #2
    Re: Insecure???

    Actually, Hyena doesn't manage security itself, but rather depends on NT for this.

    If you are accessing computers across the network and able to delete files and such, then your account has permissions to do so.

    As a test you can go into Windows Explorer, or Network Neighborhood and connect to one of the computers you accessed through Hyena and you should be able to do the same things you did in Hyena.

    Comment

    • #3
      Re: Insecure???

      No, that's the issue. I can only see the individual machines and below, printers and scheduled tasks. No drive info, svcs etc. That's why I don't understand. It is only when I use Hyena that I can get at everything. PS on the domain I only belong to the user group. Any other ideas?

      <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
      <span style="font-weight: bold">Actually, Hyena doesn't manage security itself, but rather depends on NT for this.

      If you are accessing computers across the network and able to delete files and such, then your account has permissions to do so.

      As a test you can go into Windows Explorer, or Network Neighborhood and connect to one of the computers you accessed through Hyena and you should be able to do the same things you did in Hyena.</span></div></div>

      Comment

      • #4
        Re: Insecure???

        Again, Hyena depends upon the security in NT/2000 and cannot give you rights that you don't already have. Either your rights are greater than what you think, or you are seeing information that is not secured in the first place.

        With respect to computer names, shares, and user/group names, this information is not secured in NT or 2000...any user can access it. If you can see the C$, D$, etc shares, then you are an administrator. If another user shares their entire C drive as a share and names it "C", then you will be able to see that with Hyena (or Explorer), and then see the files, and in turn, possibly delete files, etc.

        You probably need to discuss this issue with support directly, as we really can't address this further in a discussion format.
        Kevin Stanush
        SystemTools Software Inc.

        Comment

        Previous template Next
        Working...
        X