MSNBC/BugNet: Windows 2000's Active Directory not enforcing rights | Linux Today

MSNBC/BugNet: Windows 2000’s Active Directory not enforcing rights

Written By
Web Webster
Web Webster
Feb 20, 2000

“The Active Directory security hole, as outlined in the Novell
report, allows the administrator of department A to control access
to resources in department B even though administrator A has been
explicitly denied the right to modify the ownership of that object.
This allows administrators to take ownership and modify
permissions, and thereby gain access to sensitive data.

By following the steps in the Novell report, BugNet was able
to duplicate Novell’s findings.
Even though the owner of the
OU can explicitly deny any privileges to the administrator,
including denying ownership, users from the administrative group
can still get in, change ownership, and grant themselves
permissions.

To further inflame the problem, if an administrator
inappropriately takes ownership of a network resource, the
legitimate OU owner is not immediately notified.
The OU owner
could eventually find out, but only after logging in and seeing
that the object’s ownership has changed. By the time someone gets
around to this, the damage might have already been done and the
perpetrator could have already left the company. Our default
installation of Windows 2000 Advanced Server did not track
ownership changes in the Windows 2000 Event Viewer, meaning that
there is no way for a network manager to police these types of
changes except to touch every object on the network with the
administration tool.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.