Dsa.msc and Domain.msc on Windows 2000
Please read all of these instructions, and only follow them if you understand what they intend for you to do.
This page is meant to show how to enable a non-server version of Windows 2000 to access the directory services from their network. I've only had one non-server verson of Windows 2000 to test it on, so results may vary. I highly doubt adding these registry settings will do any harm, even if they happen to not work.
Note that you will still need network permissions that allow you to view and/or change these settings in the "Active Directory".
You'll need a few files from the server version of Windows 2000. The neccesary files vary according to which applet you wish to enable, but you will need some way of either downloading them from the net or getting them from a copy of Windows 2000 Server.
You may be able to get the files from the following page:
http://www.mit.edu/afs/athena/project/ptest/domain/win/experimental/distrib/
You can probably copy the .msc files to the System32 directory to use them as plug-ins, but I just right-click them and use normal or author mode from a more secure directory.
First, I'll explain how to activate dsa.msc.
You'll need the following files:
c:\winnt\system32\dsa.msc
c:\winnt\system32\dsadmin.dll
and optionally:
c:\winnt\system32\fpnwclnt.dll
Then download and merge this file into the registry of that computer: dsa.reg
Copy dsadmin.dll(and fpnwclnt.dll if you choose to) to your Windows 2000 "System32" directory.
You should now be able to use dsa.msc.
Now, I'll explain how to activate domain.msc.
You'll need the following files:
c:\winnt\system32\domain.msc
c:\winnt\system32\domadmin.dll
Then download and merge this file into the registry of that computer: domain.reg
Copy domadmin.dll to your Windows 2000 "System32" directory.
You should now be able to use domain.msc.
This is for people with reasonable computer knowledge: I also believe I have an idea about a possible security flaw with TQCRunAs files and possibly RunAs shortcuts that access programs or batch-files on network drives.
If you manage to setup a share on your own system that you can modify, you can add the directories used in the normal share to the local shared folder, copy something like progman.exe or command.com, or a .bat file with commands of your choice to the relative location, rename it to match the file it runs, and then disconnect the old share, replacing it with a share that has the same letter, but accesses the folder on your own system.
Then, the file that opens up can run programs(show all files in the open menu, and right-click for options associated with that file) and access the network paths(//hostname/c$, and //hostname/admin$ come to mind) with the same privledges you would have if you had logged in using that account name.
This is quite a flaw, and I'm surprised files aren't validated before being opened...and don't do anything stupid if you've used this to get administrator access. Auditing could be enabled, which means they could know which account did what, on what computer, and when. If your actions don't stand out, and nothing's going wrong, they may not notice.
