RE: windows domain question
From: Damien Adams (dadams@scientech.com)Date: 04/19/02
- Previous message: Lee Seidman: "RE: windows domain question"
- In reply to: Bejon Parsinia: "RE: windows domain question"
- Next in thread: Mike Coppins: "RE: windows domain question"
- Next in thread: Moorhouse, Walt P: "RE: windows domain question"
- Reply: Mike Coppins: "RE: windows domain question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Damien Adams" <dadams@scientech.com> To: <bejon@supertel.com>, "'Mike Coppins'" <mike@legolas.com>, <focus-ms@securityfocus.com> Date: Fri, 19 Apr 2002 12:22:49 -0400
Actually this feature in Windows 2000 can be disabled. And once the machine
is removed as in the machine is no longer part of that domain I would
believe that this cached account information would be removed.
To remove password caching check out this e-mail, part of a previous thread
entitled "Password Caching"
http://online.securityfocus.com/archive/88/199760
Damien
>-----Original Message-----
>From: Bejon Parsinia [mailto:bejon@supertel.com]
>Sent: Friday, April 19, 2002 12:53 AM
>To: 'Mike Coppins'; focus-ms@securityfocus.com
>Subject: RE: windows domain question
>
>
>Mike,
>
>Speaking from experience, depending on the policies in place on
>the network,
>the laptop very well could retain sensitive information about the domain.
>My example is as follows, I take my laptop home with me every night. It is
>running Win2k Pro. I can leave my login information exactly the same as
>when I have it plugged into my domain at the office when I login to the
>laptop at home without any sort of VPN or public access to my network.
>
>What does this mean? The laptop contains cached information (username,
>password, domain name) that does not necessarily expire. I am just logging
>in to use my laptop at home without connecting to any resources other than
>my internet connection at the house. Dangerous, you bet. You can run
>utilities to capture and recover those passwords very easily. No need to
>disconnect it from the domain whatsoever.
>
>Hope this helps,
>
>Bejon
>
>-----Original Message-----
>From: Mike Coppins [mailto:mike@legolas.com]
>Sent: Thursday, April 18, 2002 9:46 AM
>To: focus-ms@securityfocus.com
>Subject: windows domain question
>
>
>If you connect a machine to a Windows domain, so things like SIDs change,
>machine IDs synchronised, etc, and then disconnected, what happens exactly?
>Does the node that gets disconnected generate a new machine SID or does
>information get left behind on the node?
>
>Putting the question into a scenario might help :) If a laptop (NT4 or
>Win2k) is connected to a domain, then is removed from the domain (as in, an
>admin goes into network properties and tells the machine that it is part of
>a bog standard workgroup again, is the laptop going to retain any
>information that it belonged to a domain before, and possibly security
>sensitive information about the domain?
>
>
>
>--
>Mike Coppins
>mike@legolas.com
>http://www.legolas.com/
>Currently looking for work: http://www.legolas.com/mikes/cv.html
>
>
>
- Previous message: Lee Seidman: "RE: windows domain question"
- In reply to: Bejon Parsinia: "RE: windows domain question"
- Next in thread: Mike Coppins: "RE: windows domain question"
- Next in thread: Moorhouse, Walt P: "RE: windows domain question"
- Reply: Mike Coppins: "RE: windows domain question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
