Re: Domain logon without network connection + group policies
From: STEVE MAKOUSKY (SMAKOUS1_at_FAIRVIEW.ORG)
Date: 01/27/05
- Previous message: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"
- Maybe in reply to: Manuel Sousa: "Domain logon without network connection + group policies"
- Next in thread: Danny: "Re: Domain logon without network connection + group policies"
Date: Thu, 27 Jan 2005 15:41:15 -0600
To: <focus-ms@securityfocus.com>
I believe you want to set the local security policy to deny local
login.
Steve C. Makousky
Sr. Information Security Analyst
Fairview IS
2020 Minnehaha Ave. So.
Minneapolis, Minnesota 55404
W-612.672.6788
C-651.248.9612
smakous1@fairview.org
>>> Manuel Sousa <manuel.sousa@gmail.com> 1/27/2005 6:57:33 AM >>>
Hi,
I've realized that it's possible to logon to a domain without a
network connection and bypass the group policies.
This provides false security when deploying policies that restrict
user permissions, so my question is:
1. Is it possible to forbid logon if the workstation can't connect to
the Domain Controller;
2. Or is it possible to have a cache of the group policies so that if
the workstation doesn't have network, it uses the last policies?
One workaround is deploying the policies as local ones, but that
removes the flexibility of deploying / changing the policies from the
domain, so I'm open for other suggestions.
Thanks in advance,
Manuel Sousa
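An added example, not part of either message above: a PowerShell audit of the two local settings this thread touches on, the "Deny log on locally" user right named in the reply and the cached domain logon count that lets a domain account log on when no Domain Controller is reachable. The `CachedLogonsCount` registry value and `secedit /export` are standard Windows; the function names and the temp file name are assumptions made for this example.

```powershell
# Added example: audit two local logon settings on a domain-joined workstation.
# Run from an elevated PowerShell prompt; secedit needs administrator rights.
function Get-CachedLogonsCount {
    # "Interactive logon: Number of previous logons to cache" is stored here as a
    # string. 0 means a domain account cannot log on without reaching a DC.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $value = (Get-ItemProperty -Path $key -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
    if ($null -eq $value) { return $null }   # value absent: OS default applies
    return [int]$value
}

function Get-DenyLocalLogonSids {
    # Export the user-rights area of the local security database and read the
    # "Deny log on locally" right (SeDenyInteractiveLogonRight).
    $cfg = Join-Path $env:TEMP 'user-rights-audit.inf'   # hypothetical file name
    secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'secedit export failed (not elevated?)' }
    try {
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeDenyInteractiveLogonRight\s*=' }
        if (-not $line) { return @() }
        # Entries are comma-separated; SIDs carry a leading '*'.
        return @(($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$count = Get-CachedLogonsCount
if ($null -eq $count) {
    'CachedLogonsCount: not set, the OS default applies'
} elseif ($count -eq 0) {
    'CachedLogonsCount: 0, domain logon requires a reachable Domain Controller'
} else {
    "CachedLogonsCount: $count, cached domain logons work without a network connection"
}

$denied = @(Get-DenyLocalLogonSids)
if ($denied.Count -eq 0) {
    'Deny log on locally: no accounts or groups assigned'
} else {
    "Deny log on locally: $($denied -join ', ')"
}
```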