RE: windows domain question

From: Bejon Parsinia (bejon@supertel.com)
Date: 04/19/02


From: "Bejon Parsinia" <bejon@supertel.com>
To: "'Mike Coppins'" <mike@legolas.com>, <focus-ms@securityfocus.com>
Date: Thu, 18 Apr 2002 21:53:29 -0700

Mike,

Speaking from experience, depending on the policies in place on the network,
the laptop very well could retain sensitive information about the domain.
My example is as follows, I take my laptop home with me every night. It is
running Win2k Pro. I can leave my login information exactly the same as
when I have it plugged into my domain at the office when I login to the
laptop at home without any sort of VPN or public access to my network.

What does this mean? The laptop contains cached information (username,
password, domain name) that does not necessarily expire. I am just logging
in to use my laptop at home without connecting to any resources other than
my internet connection at the house. Dangerous, you bet. You can run
utilities to capture and recover those passwords very easily. No need to
disconnect it from the domain whatsoever.

Hope this helps,

Bejon

-----Original Message-----
From: Mike Coppins [mailto:mike@legolas.com]
Sent: Thursday, April 18, 2002 9:46 AM
To: focus-ms@securityfocus.com
Subject: windows domain question

If you connect a machine to a Windows domain, so things like SIDs change,
machine IDs synchronised, etc, and then disconnected, what happens exactly?
Does the node that gets disconnected generate a new machine SID or does
information get left behind on the node?

Putting the question into a scenario might help :) If a laptop (NT4 or
Win2k) is connected to a domain, then is removed from the domain (as in, an
admin goes into network properties and tells the machine that it is part of
a bog standard workgroup again, is the laptop going to retain any
information that it belonged to a domain before, and possibly security
sensitive information about the domain?

--
Mike Coppins
mike@legolas.com
http://www.legolas.com/
Currently looking for work: http://www.legolas.com/mikes/cv.html



Relevant Pages

  • Re: Incorrect network status
    ... Well after simply hibernating the laptop and restarting it the status ... button changes to "disconnect". ... sat connected to the network for a couple of hours the status of my ... I have to wireless devices, ...
    (microsoft.public.windowsxp.network_web)
  • Re: One Users My Documents no longer redirected.
    ... even connect to the network at all because it's a PITA. ... So I would think that a wireless 54 mbps connection would be ... one laptop, and try it for a day or two to see what happens. ... active directory OU as the other users whose redirection works? ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem with XP Pro and Home in same Network
    ... the network can be accessed successfully from within My Network Places. ... the laptop is the mb, the laptop can access the network from within My ... Network Places, but the desktops cannot. ... wireless computer never be a server, and certainly not a browser. ...
    (microsoft.public.windowsxp.network_web)
  • RE: The VA Stolen Laptop - Lessons Learned
    ... disabled reaches the laptop? ... make a lot more sense when data is housed on the "work" network and NTFS ... Encrypt it with whatever you like... ... the machine or the user couldn't get to their profile off the network. ...
    (Security-Basics)
  • clarification sought in using XP Pro laptop for domain at work and workgroup at home
    ... I am inquiring for a friend. ... The XP Pro laptop was once configured for a two-computer workgroup. ... "WORKGROUP" as the name of its network affiliation. ...
    (microsoft.public.windowsxp.network_web)