Check or Attack Name: Backup Operator

A user was found in the Backup Operators group that is not typically a member of this group. Verify that the user should be a member of this group.

False Positives: If the user is a legitimate member of this group, then this is not a vulnerability.

If the user should not be a member of this group, remove the user from the group. To remove a user from a group, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the user in the list.
3. From the User menu, select Properties to display the User Properties dialog box.
4. Click Groups to display the Group Memberships dialog box.
5. From the Member of list, select Backup Operators and click Remove.
6. Click OK.