ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Guest Account

    Scheduled Pinned Locked Moved IT Discussion
    20 Posts 5 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • IRJI
      IRJ @scottalanmiller
      last edited by

      @scottalanmiller said in Local Guest Account:

      So deleting should just be what we do.

      Yes, in order to be 100% sure that local elevation does not happen. Unless you are actively monitoring local accounts which most organizations do not and only monitor domain accounts.

      1 Reply Last reply Reply Quote 0
      • NattNattN
        NattNatt @IRJ
        last edited by

        @IRJ said in Local Guest Account:

        @DustinB3403 said in Local Guest Account:

        We disable it.

        According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

        The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

        Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

        IRJI scottalanmillerS 2 Replies Last reply Reply Quote 0
        • IRJI
          IRJ @NattNatt
          last edited by

          @NattNatt said in Local Guest Account:

          @IRJ said in Local Guest Account:

          @DustinB3403 said in Local Guest Account:

          We disable it.

          According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

          The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

          Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

          Internal IT poses a risk as well.

          DashrenderD NattNattN 2 Replies Last reply Reply Quote 0
          • DashrenderD
            Dashrender @IRJ
            last edited by

            @IRJ said in Local Guest Account:

            @NattNatt said in Local Guest Account:

            @IRJ said in Local Guest Account:

            @DustinB3403 said in Local Guest Account:

            We disable it.

            According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

            The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

            Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

            Internal IT poses a risk as well.

            Having a computer poses a risk. We should just kill all these risks, and kill all computers.

            1 Reply Last reply Reply Quote 2
            • NattNattN
              NattNatt @IRJ
              last edited by

              @IRJ said in Local Guest Account:

              @NattNatt said in Local Guest Account:

              @IRJ said in Local Guest Account:

              @DustinB3403 said in Local Guest Account:

              We disable it.

              According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

              The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

              Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

              Internal IT poses a risk as well.

              Depends who you work with...I trust all my team I work with. If I didn't, I wouldn't work with them...

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @NattNatt
                last edited by

                @NattNatt said in Local Guest Account:

                @IRJ said in Local Guest Account:

                @DustinB3403 said in Local Guest Account:

                We disable it.

                According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

                The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

                Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

                You pay people to do work but stand around watching over their shoulders? That's bad practice. If you don't trust them, why are they on the machine with access to things you don't trust them to touch?

                DashrenderD 1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @NattNatt
                  last edited by

                  @NattNatt said in Local Guest Account:

                  @IRJ said in Local Guest Account:

                  @NattNatt said in Local Guest Account:

                  @IRJ said in Local Guest Account:

                  @DustinB3403 said in Local Guest Account:

                  We disable it.

                  According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

                  The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

                  Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

                  Internal IT poses a risk as well.

                  Depends who you work with...I trust all my team I work with. If I didn't, I wouldn't work with them...

                  Right, so why watch your vendor like that, they are part of your team.

                  NattNattN 1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @scottalanmiller
                    last edited by

                    @scottalanmiller said in Local Guest Account:

                    @NattNatt said in Local Guest Account:

                    @IRJ said in Local Guest Account:

                    @DustinB3403 said in Local Guest Account:

                    We disable it.

                    According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

                    The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

                    Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

                    You pay people to do work but stand around watching over their shoulders? That's bad practice. If you don't trust them, why are they on the machine with access to things you don't trust them to touch?

                    lol - because HVAC company that Target used.

                    FYI - I'm mostly kidding, but not entirely.

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @Dashrender
                      last edited by

                      @Dashrender said in Local Guest Account:

                      @scottalanmiller said in Local Guest Account:

                      @NattNatt said in Local Guest Account:

                      @IRJ said in Local Guest Account:

                      @DustinB3403 said in Local Guest Account:

                      We disable it.

                      According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

                      The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

                      Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

                      You pay people to do work but stand around watching over their shoulders? That's bad practice. If you don't trust them, why are they on the machine with access to things you don't trust them to touch?

                      lol - because HVAC company that Target used.

                      FYI - I'm mostly kidding, but not entirely.

                      They weren't the problem. The problem was whoever gave them tons and tons more access than they were supposed to have. Why were they given open access to the network? It was the network admin's lack of security that caused the problem.

                      1 Reply Last reply Reply Quote 0
                      • NattNattN
                        NattNatt @scottalanmiller
                        last edited by

                        @scottalanmiller said in Local Guest Account:

                        @NattNatt said in Local Guest Account:

                        @IRJ said in Local Guest Account:

                        @NattNatt said in Local Guest Account:

                        @IRJ said in Local Guest Account:

                        @DustinB3403 said in Local Guest Account:

                        We disable it.

                        According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

                        The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

                        Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

                        Internal IT poses a risk as well.

                        Depends who you work with...I trust all my team I work with. If I didn't, I wouldn't work with them...

                        Right, so why watch your vendor like that, they are part of your team.

                        Not always, we are told by clients to allow some vendors onto their systems, they were never recommended by us, therefore not part of our team, they're an external third party. Not saying sit there and just do that, but we are always on the server at the same time with a recorded session in those instances, can still do other tickets etc in the background, but keep an eye on for opening stuff they shouldn't be doing/have a recording to prove stuff that was done etc

                        scottalanmillerS IRJI 2 Replies Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @NattNatt
                          last edited by

                          @NattNatt said in Local Guest Account:

                          Not always, we are told by clients to allow some vendors onto their systems, they were never recommended by us, therefore not part of our team,

                          In that case the client is the system administrator in charge of security and you are peers on the team with the vendor. Still part of the team, and you're not running IT. The IT manager is the one making the security decisions.

                          1 Reply Last reply Reply Quote 1
                          • IRJI
                            IRJ @NattNatt
                            last edited by

                            @NattNatt said in Local Guest Account:

                            @scottalanmiller said in Local Guest Account:

                            @NattNatt said in Local Guest Account:

                            @IRJ said in Local Guest Account:

                            @NattNatt said in Local Guest Account:

                            @IRJ said in Local Guest Account:

                            @DustinB3403 said in Local Guest Account:

                            We disable it.

                            According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

                            The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

                            Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

                            Internal IT poses a risk as well.

                            Depends who you work with...I trust all my team I work with. If I didn't, I wouldn't work with them...

                            Right, so why watch your vendor like that, they are part of your team.

                            Not always, we are told by clients to allow some vendors onto their systems, they were never recommended by us, therefore not part of our team, they're an external third party. Not saying sit there and just do that, but we are always on the server at the same time with a recorded session in those instances, can still do other tickets etc in the background, but keep an eye on for opening stuff they shouldn't be doing/have a recording to prove stuff that was done etc

                            You can give yourself a local admin rights in about 60 seconds through the GUI. If you script it, you are talking about 3-5 seconds. If you are going to let someone on your system, you better be auditing them.

                            NattNattN 1 Reply Last reply Reply Quote 0
                            • NattNattN
                              NattNatt @IRJ
                              last edited by

                              @IRJ said in Local Guest Account:

                              @NattNatt said in Local Guest Account:

                              @scottalanmiller said in Local Guest Account:

                              @NattNatt said in Local Guest Account:

                              @IRJ said in Local Guest Account:

                              @NattNatt said in Local Guest Account:

                              @IRJ said in Local Guest Account:

                              @DustinB3403 said in Local Guest Account:

                              We disable it.

                              According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.

                              The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.

                              Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?

                              Internal IT poses a risk as well.

                              Depends who you work with...I trust all my team I work with. If I didn't, I wouldn't work with them...

                              Right, so why watch your vendor like that, they are part of your team.

                              Not always, we are told by clients to allow some vendors onto their systems, they were never recommended by us, therefore not part of our team, they're an external third party. Not saying sit there and just do that, but we are always on the server at the same time with a recorded session in those instances, can still do other tickets etc in the background, but keep an eye on for opening stuff they shouldn't be doing/have a recording to prove stuff that was done etc

                              You can give yourself a local admin rights in about 60 seconds through the GUI. If you script it, you are talking about 3-5 seconds. If you are going to let someone on your system, you better be auditing them.

                              That was my point, we do that, we record everything as well to make sure we don't miss anything/can play back and see exactly what was done, covering ourselves in case something they do breaks the system//creates a backdoor//loophole like this

                              1 Reply Last reply Reply Quote 0
                              • 1 / 1
                              • First post
                                Last post