Re: Workstation security question

From: Marcus Ballance (marcus.ballance@ecbbancorp.com)
Date: 06/04/02


Date: Tue, 04 Jun 2002 15:05:19 -0400
From: "Marcus Ballance" <marcus.ballance@ecbbancorp.com>
To: <jradtke@admin1.umaryland.edu>, <focus-ms@securityfocus.com>

We are in the process of implementing a RIS based solution as we have
seen many educational facilities do. Image the computers with
frequency. Turn the workstations into terminals. All of the user's
information should be stored elsewhere on the network anyway so just
image the computers overnight. This way you can change the local admin
password however often you choose and the change is replicated to all
machines. This would also alleviate any issues of trojans or other back
door viruses.

Just think.. a hacker could sit around waiting all day for the computer
lab to empty. As he's just about to steal or otherwise damage your
system, the computer is restarted and his little trojan is obliterated.
Cool huh.

Of course this type of solution should be a supplement to good network
security practices.

Marcus

>>> <jradtke@admin1.umaryland.edu> 06/04/02 09:00AM >>>

We have a LAN with a mix of Win2000 and WinNT4 (phasing out the NT4)
workstations.

The only local user account on the workstation is the admin account.
The
local admin account has no rights on the domain. Users are
authenticated
through their domain accounts.

We have a campus wide firewall.

Should we be concerned enough about someone hacking into the
workstations
and then tapping into our servers to put software based firewalls at
each
workstation.

I would like to thank all of you in advance.

Jason



Relevant Pages

  • Re: How can I change the admin password of all our XP PCs on the doma
    ... You don't go to each workstation and check if that user changed the local admin password. ... If the box has a problem that means you can't use a domain admin account to logon, it is usually quicker to rebuild than troubleshoot. ... If you want to control the Local Administrators on the workstations, just disable the Local Administrator, and then use another GPO or Script that adds a existing security group in your AD as member of the local Administrators on the workstations. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Workstation security question
    ... You should more do some control on the local Admin Groups member, and perhaps use some Policy enforcement tools, especially for WKS ussing NT4, not yet Win2k. ... >The only local user account on the workstation is the admin account. ... >Should we be concerned enough about someone hacking into the workstations ...
    (Focus-Microsoft)
  • Re: Im Stumped...
    ... I attempt to access the server via the UNC path. ... On 6 workstations I had no problems but 2 of ... involved plus I didnt feel the problem was the account I was using since ... I tried renaming on of the computers, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Allowing Remote Admin Some Control
    ... > This scenario will only allow him to join computers to the domain if he ... If you need to give him local admin rights on the ... > workstations, then you will need to use a group policy on the OU. ... If the server is a DC, then you will have to grant ...
    (microsoft.public.windows.server.active_directory)
  • Re: Im Stumped...
    ... I attempt to access the server via the UNC path. ... involved plus I didnt feel the problem was the account I was using since it ... still do not see objects in the Computer container for the two workstations, ... I tried renaming on of the computers, ...
    (microsoft.public.windows.server.active_directory)