Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is the "net user <username> /domain" reliable

19 Oct 2016   #1
fretagi

windows 7 32 bit
 
 
Is the "net user <username> /domain" reliable

Hi

Lately I have noticed that either my desktop and laptop are being accessed while I am away or even when I am logged in into the domain of my organization! On both of them I have user profiles of some users, and when running the following:

net user <username> /domain | findstr /C:"Last logon"

I see that some of my colleagues have been logged in. last night before I left home, I have unplugged the network cable of my desktop, but today when I run the command I see that one guy has looged in last night when apparently there was no connectivity, because I have unplugged the network cable.
Please can you help me, is this command reliable or somebody is really logging in on my pc!


My System SpecsSystem Spec
.
19 Oct 2016   #2
Alejandro85

Windows 7 Ultimate x64
 
 

Why would not the command be reliable?

Unplugging the network will not stop anyone from logging in into the local computer, even with a domain account (as the credentials are cached). When in doubt, don't play games with a potential attacker, just change your password and leave him out of your computer.
My System SpecsSystem Spec
19 Oct 2016   #3
fretagi

windows 7 32 bit
 
 

Hi

Thanks for the reply, the guys who are login into my desktop, they are from IT department, and they have their profiles on my desktop. I even delete the profiles, but they still managed to get in. Would a password change prevent them from login in future? I have disable the "switch user" option, and they still managed to get in as well. Please help me prevent these guys to mess around on my pc.
My System SpecsSystem Spec
.

20 Oct 2016   #4
Alejandro85

Windows 7 Ultimate x64
 
 

Now that's a different occurrence. I'm assuming you have a domain there. Within domains one important characteristic is that user accounts work in every account attached to it, no matter what (that's called "roaming"), so both your account and theirs will serve to login in any domain-joined computer, there is no way around this.
Moreover, for users that are domain administrators, they also get local administrative power in every domain computer they want, all that being by design.

You cannot simply "delete their profiles" from your computer, as the user accounts live in the domain controller actually (and the c:\users\<name> folder contains just settings and is regenerated if you delete it). Neither would do a password change as I mentioned earlier, you can change your password, but they're not using it, they're using theirs, which is outside of your control.

The big question is why do they do this? Being IT staff, I could guess there is a business reason for it? Or just for making fun on anyone? To me this seems one situation that's handled more by talking rather than by blocking.
Another question would be what damage can they actually do. As they use different account, your settings and most configuration would be unaffected, and if you keep your data under your profile it would be difficult to get at it at all. Unless they're domain admins, in which case they own you. What exactly bothers you in all this? What do you want to protect against?

Technically, there is little to do about this. Login everywhere is an inherent feature of domains and the way it's meant to work. If you really want to prevent it, you could take the computer out of the domain, so domain accounts no longer work (not even yours), or a more drastic approach can be to use full disk encryption, so that without a password, Windows won't even boot. Both require local admin access. And most likely, corporate authorization to tamper with their computers.
My System SpecsSystem Spec
20 Oct 2016   #5
fretagi

windows 7 32 bit
 
 

Hi
Thanks for the reply. I dont know why they are doing this, perhaps they are trying to make a point, because they are windows guys, I am a unix guy, or perhaps there is politics involved as well, I dont know. The fact is that I am not comfortable with this, and I want this to stop. I dont know how!!
My System SpecsSystem Spec
20 Oct 2016   #6
Alejandro85

Windows 7 Ultimate x64
 
 

There is no way to prevent this, as long as you don't own the computer and have full control over its accounts. Being part of a domain means that anyone within the domain can login in every computer in the domain, plain and simple. This includes your computer and those "IT" guys.

If you can take control of the computer, just remove from the domain and the attack is over. But I guess it's your work computer, and as such you don't have that power. As I said earlier, full-disk encryption is one possible way to add another password outside of the domain thing (which is also nice to protect against offline attacks).

The nature of this is pretty much the same on Windows than on any Unix variant: if you have a user account, know its password and is enabled, you can login, period. The twist is that, in Windows computers attached to a domain, every domain user also works in every domain computer.
My System SpecsSystem Spec
20 Oct 2016   #7
fretagi

windows 7 32 bit
 
 

Hi
Thanks for the reply, you are right, its my office computer, I cannot remove from the domain. I will now investigate how to proceed with full-disk encryption.
thanks for the inputs
My System SpecsSystem Spec
21 Oct 2016   #8
cgc018

Windows 7 32 bit Pro
 
 

Since this is your work computer, I would highly recommend against trying to encrypt the disk yourself and also with trying to keep your IT people from reaching your computer.

Have you tried talking to your IT group to see why they are logging into your computer? Do you believe that IT is trying to do something malicious to your computer while you are not there? If you do believe that they are messing up your computer then you should try talking to your management about it.
My System SpecsSystem Spec
21 Oct 2016   #9
fretagi

windows 7 32 bit
 
 

Hi

yes, I have already taken this matter to management, they are now taking over.
My System SpecsSystem Spec
21 Oct 2016   #10
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Just a thought.

Is it possible that the I.T. Department is entering your computer to do maintenance or updating things.
My System SpecsSystem Spec
Reply

 Is the "net user <username> /domain" reliable




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Domain User Sees Server Shares under "Other"
I have had this client for about 5 years now and haven't had this problem before. I created his user account and setup his access. When i logged in his computer as him, under "My Computer" I see "Other" and then all of the drives on the server, which no other user has. What is causing this???? He...
Network & Sharing
Is Google Drive reliable? Dell Data"Safe" backup is NOT
Am I kidding myself that using Google Drive (free) is a good idea for my off-site backup? Every once in awhile I notice its system tray icon is "faded", meaning that it isn't running, probably because I lost the wireless signal on my laptop, possibly because my router seems to require resetting...
Backup and Restore
Assigning "domain user" to "local admin" on select PCs
I'd like to assign a few select "domain users" to be local admin over their test machines which log into a domain. The test machines are Windows 7 64bit and the domain is Win2k8 R2. I have been searching around for the best way to do it but I've come up short on my search. Anyone know off the...
Network & Sharing
How to rename "Computer" to "Username on Computername"
This was a popular tweak for Windows XP and it worked also in windows Vista: it needed a very simple change in Windows registry: System Key: Rename the value named "LocalizedString" to "LocalizedString.old". Create a new REG_EXPAND_SZ value named "LocalizedString", and set the value to...
Customization
Username "New user" After Installing
Well basically I never changed my username while installing a new copy of Windows 7 I got with a new PC. Its stuck as "New User" http://i.imgur.com/1MdTD.png I've tried searching but found nothing to change that part of it, Its really no Big deal but its a bit Frustrating not knowing how to...
General Discussion
Move "Computer" and "[username]" out from under Desktop in Explorer?
Hello, nice peoples that provide so many fixes to make Windows suck less. I've been looking for hours, but the terms are so general I can't find anything. When I open up Windows Explorer, the "Computer", my profile folder, and the Recycle Bin all appear under "Desktop". Which makes finding...
Customization


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:56.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App