Re: [Full-Disclosure] Microsoft plans tighter security measures in Windows XP SP2

From: yossarian (
Date: 11/01/03

  • Next message: Kenton Smith: "Re: [Full-Disclosure] Microsoft plans tighter security measures in Windows XP SP2"
    Date: Sat, 01 Nov 2003 00:25:53 +0100

    > On Fri, 2003-10-31 at 11:12, yossarian wrote:
    > > <snip>
    > > > File and printer sharing is not needed? Remote administration is not
    > > > needed? Maybe not in home use, but in corporate?
    > >
    > > No, sorry Paul. Printers have their own IP address, file and
    > > was introduced for small networks. But since the mid nineties a network
    > > interface became standard in laserprinters- printersharing became a real
    > > issue. File sharing: not for workstations, unless you make backups of
    > > workstation. Not suitable for corporations, user data is corporate
    > > needs a back up so MUST be on a server. It is impossible to secure a
    > > where file and printsharing is common (where is the sensitive info to
    > > secure?) - my personal BOFH way is disable the server service on every
    > > Workstation. And the browser service as well.
    > >
    > What planet are you working on? I have bought 5 printers in the last
    > three years and 2 of those had built-in network cards. The others use
    > "jet-Direct" type interfaces which require software to be installed on
    > the server. You're saying I install this on everyone's workstation so
    > they can connect directly? Uh huh. No file sharing; everything should be
    > stored on a central server. Sure, no problem I'll just go out and drop
    > $100k on a SAN to store it all. *Or* I could take advantage of the fact
    > that every machine I buy comes with at least 40 GB of drive space on it.
    > And I'm sure you're going to suggest thin clients here, so I'll go out
    > and buy a small render farm for my graphics guys to do their 3D work on.

    I usually work for banks and government agencies - yes SAN systems are
    getting fairly normal, nowadays. I think you are in the SoHo market, with 5
    printers in three years, 50 users that develop software - the customer I am
    working for at the moment has some 5000 printers in the network, all HP with
    Jetdirect with an IP address. I am not a printer admin, so I had to check at
    the HP4000 here at home - nope, it runs even when I turn off the server, all
    you do is install IP printing service on the workstations, not
    printersharing which is a NetBios thingie... Yeah, you can install software
    on the server and share the printer to the users, but to use a shared
    resource you do NOT need to install file and printersharing on the
    workstations. Like I wrote - workstations, NOT servers.

    Jetdirect cards are printerservers, at least the ones in HP's. Connecting a
    printer to a PC IMHO makes it a server, albeit a non-ded one - and it is
    utterly useless. I am not into thin clients for power users, but this has
    absolutely no relation to file or printersharing....

    And I do consider the big disks in new 'puters a waste of capacity, but
    since they cost the same as 4GB few years ago, who cares?
    Dunno how it is on the planet you work on, but PC's get stolen on a fairly
    regular basis, so having data on it is considered insecure. No need for
    firewall, superglue is better here.

    And for the SAN thing - I agree people doing rendering takes a lot of disk
    space, but Joe Average User won't need so much storage - maybe 50MB per
    year. With 2000 users per server - who needs a SAN? Unless you allow them to
    store everything - MP3's, holiday snapshots, downloaded software they aren't
    allowed to install anyway, bedroom movies, every previous version of every
    document, etc. Maybe I am getting old, but what is wrong with disk quota? It
    actually increases efficiency, less time needed to find an older document.
    Different with developers, graphic types et al., I know, but the large
    majority of puterusers type word documents, send e-mail and use big apps
    that are serverbased or mainframe based. So no local data.

    > > Remote administration may be needed, I just said it is rarely used, for
    > > various reasons, the foremost being that the support staff don't know
    > > about the inner workings of windows, MCP or not.
    > Right and what inner workings do I need to know to use my remote patch
    > management software without RPC? It's really handy actually, but then
    > again maybe there's a better way to do it that I'm just too stupid to
    > know about.

    Login script. Daisychaining patches. Basic stuff, really.

    > <snip>
    > Hopefully we can all agree that anything Microsoft can do to attempt to
    > make its O/S more secure is better than the way it is now.

    What is the use of a wrong attempt? A false feeling of security is actually
    more dangerous.

    Full-Disclosure - We believe in it.
