Re: Workstation security question

From: securemax@hushmail.com
Date: 06/05/02 

From: securemax@hushmail.com
To: jradtke@admin1.umaryland.edu
Date: Tue,  4 Jun 2002 22:59:49 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jason,

IMHO, and following the experience I just had at a customer side, I'm not sure a personnal firewall would help you.. Because, once they have physical acces to the workstation, there is nearly no way to avoid them becoming Local Admin.. (See the Linux BootDisk for Password REcovery. Can't remrber exactly now the name, but Should you need, contact me off list.) Once they are Local Admin, there is no problem to stop the Firewall...

You should more do some control on the local Admin Groups member, and perhaps use some Policy enforcement tools, especially for WKS ussing NT4, not yet Win2k.
Some tools like Sygate do that.

Hope this help. Need more, contact me ..

Cheers,

Max

On 4 Jun 2002 13:00:05 -0000, jradtke@admin1.umaryland.edu wrote:
>
>We have a LAN with a mix of Win2000 and WinNT4 (phasing out the NT4)
>workstations.
>
>The only local user account on the workstation is the admin account. The
>local admin account has no rights on the domain. Users are authenticated
>through their domain accounts.
>
>We have a campus wide firewall.
>
>Should we be concerned enough about someone hacking into the workstations
>and then tapping into our servers to put software based firewalls at each
>workstation.
>
>I would like to thank all of you in advance.
>
>Jason
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wl4EARECAB4FAjz9qbMXHHNlY3VyZW1heEBodXNobWFpbC5jb20ACgkQCxWbQOMkd4HY
9gCfa0PDJmuDkx4McOTYWtAqurRRKUMAnjF3jZQTMpd9223sVQ8JvQQWXB3x
=6Tt3
-----END PGP SIGNATURE-----

Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

Relevant Pages

  • Re: How can I change the admin password of all our XP PCs on the doma
    ... You don't go to each workstation and check if that user changed the local admin password. ... If the box has a problem that means you can't use a domain admin account to logon, it is usually quicker to rebuild than troubleshoot. ... If you want to control the Local Administrators on the workstations, just disable the Local Administrator, and then use another GPO or Script that adds a existing security group in your AD as member of the local Administrators on the workstations. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Workstation security question
    ... Turn the workstations into terminals. ... image the computers overnight. ... The only local user account on the workstation is the admin account. ... local admin account has no rights on the domain. ...
    (Focus-Microsoft)
  • Re: How can I change the admin password of all our XP PCs on the doma
    ... We have the same local admin password for all, so I just want to change them all in one go and do this every 3-6 months. ... inquisitive of users to want to be admins on their workstations. ... your next problem is how do you manage the local admin account? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Groups
    ... It is a bad idea to add normal users to the admin account, ... legitimate reasons to add certain users to the local admin accounts. ... Power Users can install most - but not all - software. ... Free Computer Help - http://forums.techarena.in ...
    (microsoft.public.windows.server.active_directory)
  • Re: How do manage your workstations?
    ... if I’m just doing a handful of workstations. ... Only grant users local admin privileges if your employer can ... Maybe there is remote installation system that push program updates ... They that can give up essential liberty to obtain a little temporary ...
    (microsoft.public.windowsxp.general)
Quantcast