Hello John,
Unfortunal you can not see it that easy, you have to use the advanced view
in security tab of OUs for example to check for delegated control. Also this
may help:
http://gallery.technet.microsoft.com...9-d4b0dc408091
Additional check this page for scripting solutions:
http://gallery.technet.microsoft.com...5D.Value=dacls
Rebuilding will only help if you can go back to a state/date where the system
wasn't hacked. So do you have that old backups with at least a healthy system
state?
Otherwise you can only start from scratch in my opinion. If you just add
a new installed DC to the domain this will not prevent from copying the maybe
granted permissions from AD to the new DC also.
A limited option can be to use LDIFDE to export from the old to the, if decided
to do it, new domain:
http://support.microsoft.com/kb/237677
This will not have the full option of AD database but parts of it can be
rebuild na dyou can control the texfile also before importing.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
> I won't go into the reasons here but I think
> our domain controllers has been hacked. We have
> a small domain of about 50 people. My question
> is what things should we do to cleanup. We plan
> to rebuild the domain controllers. We will also
> change everyone's password and check group
> policy and all the groups we have setup,
> especially the Admin group. I want to check
> to see if any user account has been delegated
> any privileges but I don't see a way to view
> this. Is there a way to view delegated privileges?
> We also will run the baseline security analyzer
> on the computers. Of course we will run
> anti-virus/anti-spyware on the computers. Are
> there other things we need to check for? Thank you.
> John
>
Similar Threads
Linear Mode
