Re: windows domain question

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 04/19/02


From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: <bejon@supertel.com>, "'Mike Coppins'" <mike@legolas.com>, <focus-ms@securityfocus.com>
Date: Fri, 19 Apr 2002 15:01:19 -0400

But that is not the same as what remains or doesn't *when the laptop is
removed from the domain*. Entirely different situations.

As far as cached credentials, those can be easily controlled via group
policy. Also, it is not as easy as you indicate to "capture and recover"
passwords when somebody connects to a domain resource using cached
credentials. NTLM authentication is, indeed, used, but it's not quite as
simple as running a packet sniffer and voila!, credentials are magically
obtained.

Laura
----- Original Message -----
From: "Bejon Parsinia" <bejon@supertel.com>
To: "'Mike Coppins'" <mike@legolas.com>; <focus-ms@securityfocus.com>
Sent: Friday, April 19, 2002 12:53 AM
Subject: RE: windows domain question

> Mike,
>
> Speaking from experience, depending on the policies in place on the network,
> the laptop very well could retain sensitive information about the domain.
> My example is as follows, I take my laptop home with me every night. It is
> running Win2k Pro. I can leave my login information exactly the same as
> when I have it plugged into my domain at the office when I login to the
> laptop at home without any sort of VPN or public access to my network.
>
> What does this mean? The laptop contains cached information (username,
> password, domain name) that does not necessarily expire. I am just logging
> in to use my laptop at home without connecting to any resources other than
> my internet connection at the house. Dangerous, you bet. You can run
> utilities to capture and recover those passwords very easily. No need to
> disconnect it from the domain whatsoever.
>
> Hope this helps,
>
> Bejon
>
> -----Original Message-----
> From: Mike Coppins [mailto:mike@legolas.com]
> Sent: Thursday, April 18, 2002 9:46 AM
> To: focus-ms@securityfocus.com
> Subject: windows domain question
>
>
> If you connect a machine to a Windows domain, so things like SIDs change,
> machine IDs synchronised, etc, and then disconnected, what happens exactly?
> Does the node that gets disconnected generate a new machine SID or does
> information get left behind on the node?
>
> Putting the question into a scenario might help :) If a laptop (NT4 or
> Win2k) is connected to a domain, then is removed from the domain (as in, an
> admin goes into network properties and tells the machine that it is part of
> a bog standard workgroup again), is the laptop going to retain any
> information that it belonged to a domain before, and possibly security
> sensitive information about the domain?
>
>
>
> --
> Mike Coppins
> mike@legolas.com
> http://www.legolas.com/
> Currently looking for work: http://www.legolas.com/mikes/cv.html
>
>
>


