No dice...

Melissa Hayden-Raley
Technology Supervisor
Milton Town School District
802-893-5460
http://helpdesk.mtsd-vt.org

School Information Technology Discussion writes:
>See this article on hidden accounts.
>http://www.wikihow.com/Create-and-Manage-a-Hidden-Account-in-Windows-7
>
>
>
>Do the 'net user' command as an admin and see if you see anything
>interesting.
>
>
>C
>
>Craig Donnan, MA
>Systems Administrator
>Washington West Supervisory Union
>340 Mad River Park, Suite 7
>Waitsfield, VT 05673
>802-496-2272 x120
>fax: 802-496-6515
>
>
>
>On Thu, Jan 7, 2016 at 3:31 PM, Melissa Hayden-Raley wrote:
>
>
>I searched the whole AD, and the local accounts on all computers involved.
> No match (other than the computer account in AD).
>
>Melissa Hayden-Raley
>Technology Supervisor
>Milton Town School District
>802-893-5460
>http://helpdesk.mtsd-vt.org
>
>School Information Technology Discussion writes:
>>Hi Melissa,
>>
>>
>>I would look at the user account information on the local computer (on
>>the 'other' computers as well as on the actual computer123) and see if
>>you see a user that was created with that username on each of the
>>systems.  It may not be a domain account, but a local user account. 
>>Use the Computer Management panel and the Local Users and Groups module
>>there to review a more complete look at all the users defined on the
>>system.
>>
>>
>>It would be interesting to know the rights assigned to that user.
>>
>>
>>If you find a user - then you have to determine who has rights to create
>>a local user, and track it down.
>>
>>
>>
>>You are sure that there are no domain users by that account name
>>computer123 in any of the OUs?
>>
>>
>>Now we all want to know the answer!
>>
>>
>>Good luck.
>>
>>
>>Craig
>>
>>
>>
>>Craig Donnan, MA
>>Systems Administrator
>>Washington West Supervisory Union
>>340 Mad River Park, Suite 7
>>Waitsfield, VT 05673
>>802-496-2272 x120
>>fax: 802-496-6515
>>
>>
>>
>>On Thu, Jan 7, 2016 at 11:43 AM, Melissa Hayden-Raley wrote:
>>
>>
>>Hey Listers!
>>
>>I have a mystery for you.  Several of our Windows 7 computers have a
>>strange folder on them.  It is named C:\Users\COMPUTER123, where
>>computer123 is the name of a specific laptop on our network.  The create
>>date on this folder is 12/16/14.  All of the laptops involved were imaged
>>in the summer of 2015.  The folder is not on the image.
>>The folder is not username.computername, which happens from time to time
>>when a profile gets corrupt.
>>I took a very quick look at the hard drive of computer123, and didn't see
>>any programs out of the ordinary.
>>The contents of the profile folder are all your typical profile folder
>>things.  All defaults.
>>No errant local accounts.  Or domain accounts.
>>I have seen this folder on the 5 random laptops around the network that I
>>checked today; the only ones I did not find it on are those that are
>>freshly imaged in the office.
>>
>>So... how did this folder get created, and with a date that was 10 months
>>prior to the laptop getting imaged?  Looks like the typical default
>>profile stuff.  But we don't have a user account to match, so how would a
>>profile get created without an interactive or remote logon?  Computer
>>accounts can't log on to other computers in a way that creates a profile,
>>right?
>>
>>Hmmmm.  I feel like I must be missing something obvious.  Can anyone shed
>>any light on this?
>>
>>Melissa Hayden-Raley
>>Technology Supervisor
>>Milton Town School District
>>802-893-5460
>>http://helpdesk.mtsd-vt.org
>>
>>
>>__________________________________________________________________
>>CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
>>for the sole use of the intended recipient(s) and may contain confidential
>>and privileged information. Any unauthorized review, use, disclosure, or
>>distribution is prohibited. If you are not the intended recipient, please
>>contact the sender by reply e-mail and destroy/delete all copies of the
>>original message.
>>
>>
>>
>>
>>
>>-----------------------------------------------------------------------
>>
>>Search the SCHOOL-IT Archive: http://list.uvm.edu/archives/school-it.html
>>
>>Manage your Subscription to SCHOOL-IT: http://list.uvm.edu/cgi-bin/wa?SUBED1=SCHOOL-IT&A=1
>>



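The checks discussed in this thread (local accounts, `net user`, the profile folder itself) can be tied together by asking Windows which SID owns each folder under `C:\Users`. The script below is an added example, not something posted by the thread's participants; it assumes an elevated PowerShell prompt on one of the affected Windows 7 laptops, and `Resolve-SidOwner` is a helper name made up for this example.

```powershell
# Added example: trace every folder under C:\Users back to the SID that owns it.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Profile path -> SID. Each ProfileList subkey is named after the SID whose
# profile was created on this machine (PowerShell hashtables ignore key case).
$sidByPath = @{}
Get-ChildItem $profileList | ForEach-Object {
    $path = (Get-ItemProperty $_.PSPath).ProfileImagePath
    if ($path) { $sidByPath[$path] = $_.PSChildName }
}

# SIDs of accounts defined locally, to separate local from non-local owners.
$localSids = @{}
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    ForEach-Object { $localSids[$_.SID] = $_.Name }

# Hypothetical helper: turn a SID string into DOMAIN\name, or say why it failed.
function Resolve-SidOwner([string]$Sid) {
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return '<unresolved: account deleted or domain unreachable>'
    }
}

$usersRoot = Join-Path $env:SystemDrive 'Users'
Get-ChildItem $usersRoot -Force | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $sid = $sidByPath[$_.FullName]
    if ($sid) {
        $account = Resolve-SidOwner $sid
        if ($localSids.ContainsKey($sid)) { $scope = 'local' } else { $scope = 'not local' }
    } else {
        # Expected for Public and Default; worth a look for anything else.
        $sid = '<no ProfileList entry>'; $account = ''; $scope = ''
    }
    New-Object PSObject -Property @{
        Folder  = $_.Name
        Created = $_.CreationTime
        Sid     = $sid
        Account = $account
        Scope   = $scope
    }
} | Select-Object Folder, Created, Sid, Account, Scope | Format-Table -AutoSize
```

A folder whose SID does not resolve, or whose SID is not among the local accounts, can then be looked up by SID in Active Directory instead of by name.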