Basic IT Security #9 | A Brief Look at Information Security #9

in cn •  7 years ago 

Hi everyone! Thanks for your support of the IT security series. Here comes the 9th post in the series. Remember last time, when we talked about how to check user groups and users with a command in the command prompt? You can list all the domain groups and domain users with the command mentioned in the last post.


However, some friends have told me that although they can get a full list of groups and an almost full list of users, it takes a lot of time to look through the list, select the critical groups and check the users in each group. Rather than aiming for completeness, they would choose a less time-consuming method and focus more on some critical users.


I totally understand what they mean. And yes, in the real world we do not always have time to ensure completeness, so we have to work on a risk basis and a sample basis. So, in this post, I would like to introduce some other commands and an approach that focus on how to drill down into the domain user area.


Let’s start by selecting some users. Remember that last time we first listed all the user groups and then selected the critical groups. That takes some time, so I would like to introduce another command that shows the default domain administrator account. Open the command prompt and enter: net user administrator /domain


Once the command is executed, it displays the user profile of the account “administrator”. As administrator is a default account, it will always be in your domain user list, so we always try “administrator” first. You will see the screen below as a sample of the user profile.



Almost all the useful information about the user “administrator” is shown. I would suggest you focus on the information marked in red in the screen capture below:



The first is “account active”, which shows the account status, so we can see whether the account is still active. If it is not active, that is fine, as no one can log in to it. If it is still active, you have to look at the other areas.

The second is “password last set”. From this field we can tell how long it has been since the user changed his password. Remember that in previous posts in this series we talked about password configuration requirements? Changing the password regularly is definitely one of the criteria.

The third is “last login”. If the account has not been logged in to for a decade, we have to consider what is going on with this account: is it just a backup account, or something else? Who holds its password, and how is that password safeguarded at the moment?

The fourth is, again, the user groups. From this administrator account you can get an idea of which user groups are the critical ones. You should then follow the process we discussed in the last post to check which users are included in those critical user groups.


You should then run the command net user administrator /domain again, replacing administrator with the name of each critical user, to see the details of those users. By doing so, I think you can have very good user management for those privileged user accounts. And remember: user authority should always be granted according to the Principle of Least Privilege!
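As an added example (not part of the original post), the Python sketch below parses the text that net user <account> /domain prints and applies the four checks described above. The sample output is constructed, the 90- and 180-day limits and the en-US date format are assumptions, and the field the post calls “last login” appears in the command output as “Last logon”.

```python
import re
from datetime import datetime

DATE_FMT = "%m/%d/%Y %I:%M:%S %p"  # assumption: en-US date format
# Constructed sample of `net user administrator /domain` output (not real data).
SAMPLE = """\
User name                    Administrator
Account active               Yes
Password last set            1/15/2015 9:12:44 AM
Last logon                   3/2/2016 8:01:13 AM

Local Group Memberships      *Administrators
Global Group memberships     *Domain Admins        *Enterprise Admins
                             *Schema Admins        *Domain Users
The command completed successfully.
"""

def parse_net_user(text):
    """Return (fields, groups) from the "Label   value" layout of net user."""
    fields, groups, in_groups = {}, [], False
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s{2,}(\S.*)$", line.rstrip())
        if m:
            in_groups = "group memberships" in m.group(1).lower()
            fields[m.group(1).lower()] = m.group(2)
        elif not line.startswith(" "):
            in_groups = False  # a blank or trailer line ends a wrapped group list
        if in_groups:  # label line or indented continuation of a group list
            groups += [g.strip() for g in re.findall(r"\*([^*]+)", line)]
    return fields, groups

def review(text, now, max_pw_age=90, max_idle=180):
    """Apply the post's four checks; the day limits are illustrative assumptions."""
    fields, groups = parse_net_user(text)
    if fields.get("account active", "").lower() != "yes":
        return ["account is not active: no one can log in with it"]
    notes = []
    for label, limit, what in (("password last set", max_pw_age, "password unchanged"),
                               ("last logon", max_idle, "no logon")):
        value = fields.get(label, "Never")
        if value == "Never":
            notes.append(f"{label}: never")
        elif (days := (now - datetime.strptime(value, DATE_FMT)).days) > limit:
            notes.append(f"{what} for {days} days (limit {limit})")
    notes.append("member of: " + ", ".join(groups))
    return notes

if __name__ == "__main__":
    print("\n".join(review(SAMPLE, datetime.now())))
```

To use it on real data, save the command's output to a text file and pass the file's contents to review() in place of SAMPLE.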

Thanks for reading, I hope you enjoy it!
If you like it, please follow me and see my other posts: @victorier


