Announcement

Collapse
No announcement yet.

Creating Stealth Users in 2003 server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Creating Stealth Users in 2003 server

    Hello,

    I would like to create stealth users in 2003. I dont want the user "Administrator" to be able to see the user in the Computer Management program.

    How can I create this user?

    thanks alot,
    yoav.

  • #2
    Re: Creating Stealth Users in 2003 server

    what you are asking is not valid, here is what you can do
    1. You can set permissions on the OU to the authenticated user to not read
    2. you can go under Default Domain Policy\\User Configuration\\Administrative templates\desktop\Active Directory from there you can enable it to hide from the end user.

    Comment


    • #3
      Re: Creating Stealth Users in 2003 server

      i have this little snippet...

      In order to hide these accounts from normal users, you must make a change to the security descriptors used by the PDC emulator to protect those groups. The process to perform this activity is as follows:

      Disable pre-Windows 2000 compatible access for the domain.
      Create a new user group named Server Applications.
      Open Active Directory Users and Computers
      Click the View menu, then click the Advanced Features command from the drop-down menu.
      Select the System container.
      Select the AdminSHolder object, then right-click and select Properties from the pop-up menu.
      Select the Security tab.
      Grant the Server Applications group the following access permissions on the AdminSHolder object:
      Server Applications: List Contents - Allow - This Object Only
      Server Applications: Read All Properties - Allow - This Object Only
      Server Applications: Read Permissions - Allow - This Object Only
      Remove the Authenticated Users and Pre-Windows 2000 Compatible Access items from the security tab of the AdminSHolder object.
      Consider granting user accounts that are members of the service administrator group membership in the Server Applications group. This is only necessary if those users need to see the members of the service administrator groups.
      Now, only user accounts with membership in the Server Applications group will be able to view the membership of the service administrator groups.
      i dont see how your going to hide it from the admins, and retain proper AD permissions.

      what is the purpose behind trying to hide these accounts? incorrect logons will lock the account, and hopefully nobody has the pwords...

      ???
      its easier to beg forgiveness than ask permission.
      Give karma where karma is due...

      Comment


      • #4
        Re: Creating Stealth Users in 2003 server

        Yoavz is asking about Local Administrator - he's saying he doesn't want the local administrator to be able to see a local User in "Computer Management".

        Unfortunately, Dr Kernal's first response is correct - "your request is not valid" - simply because "Administrator" is top of the pile - king of the heap - there is noone higher. If you succeeded, and took away his access to local users, you would make your computer unfixable if you got a problem.

        What is the actual problem you're having that you were trying to fix this way?
        Last edited by Stonelaughter; 24th July 2007, 22:48.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment

        Working...
        X