Hi All,

I've got a Windows 2000 Security question that I hope some of you can answer:

I've created a service account in the a Windows 2000 domain and have given it the following rights & privileges on a member server:

* Deny Logon Locally
* Logon as a service
* Replace a process level token

This is service account is also a member of the Local Administrators group on the member server. This service account is required to run an app on the server.

The service account have a strong password, lockout after 3 bad attempts, the password is safely stored away in a safe...

Assumed that the server is not in the DMZ and safely behind firewalls, what are the general vulnerabilities and exploits that may be faced with this type of service accounts?

Thanks & Regards,
Scaredycat

Here's a few:

- If you use this account to run services on workstations (like SMS does), the user could run lsadump2 at the workstation to dump the info on service accounts

- You could still sniff the password as it travels over the network (doesn't sound like this password travels thou)

- You better have your ERD which has the password on it in the safe too or it can get cracked if it's laying around. While you're at it, change the security settings of the c:\windows\repair directory to only allow adminstrators to access it. The password's there too if you made an ERD and backed the files up.

- Who else knows the safe combo?

- And of course someone could steal the server and crack it at leisure (okay, that's a reach, but the last place I worked, a server in austriala was stolen twice!)

That's all I can think of off the top o' my head