Re: Password Protected Screen Saver and Administrative Password
From: Thor (Hammer of God) (thor_at_hammerofgod.com)
Date: 02/09/05
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #227"
- In reply to: Tom Milliner: "RE: Password Protected Screen Saver and Administrative Password"
- Next in thread: Patton Roub: "Re: Password Protected Screen Saver and Administrative Password"
- Maybe reply: Patton Roub: "Re: Password Protected Screen Saver and Administrative Password"
- Reply: Tom Milliner: "RE: Password Protected Screen Saver and Administrative Password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <tom.milliner@verizon.net>, <focus-ms@securityfocus.com> Date: Wed, 9 Feb 2005 10:42:13 -0800
I think the suggestion of a local admin was for the remote vendor, not the
trusted co-worker... It is hard to tell, as the request is somewhat
confusing...
If I understand correctly, you log into the member server as the domain
administrator, letting the screen saver lock after 60 minutes since it is in
a common area. You have a remote vendor that uses GoToMyPC to perform
maintenance on your server, but you do not want to give them the domain
admin password-- rather, you want them to have to ask first, allowing you to
track access, even though when you unlock the screen, they have full access
to not only the member server, but the rest of your entire network as a
domain administrator. When you are not there, you want to have a different
person, the "trusted co-worker" unlock the screen for the vendor, but you
don't want him to have the domain admin password either-- rather, you want
him to be a normal user, but unlock the password locked screen saver to
resume the domain administrator interactive logon session.
Is this really what you are saying?
T
----- Original Message -----
From: "Tom Milliner" <tom.milliner@verizon.net>
To: "'Patton Roub'" <proub@state.wy.us>; <focus-ms@securityfocus.com>
Sent: Tuesday, February 08, 2005 6:11 PM
Subject: RE: Password Protected Screen Saver and Administrative Password
> The vendor has a lot of customers and routinely uses
> GoToMyPC for support. In an ideal world for the vendor,
> there would be no password protected screen-saver to
> deal with. In other words, they could log on as needed
> (different time zones) to do maintenance. The screen-
> saver actually is a disruption to them, but since the
> server is in a common area, I use it. I also use it
> so that I can keep track of the vendor's maintenance
> (if something breaks after they log on, then I may
> want to call them)...they have to ask us to unlock the
> screen-saver.
>
> When I am not there, a trusted co-worker needs to be
> able to unlock the screen-saver.
>
> I am not understanding the suggestions to make the
> trusted co-worker a local administrator. Since the
> server is a domain member server, I logon as the
> domain administrator. Then it goes to password
> protected screen-saver after 60 minutes of inactivity.
> I know it needs an administrator's password to unlock
> the screen-saver. I have assumed that meant my domain
> administrator password instead of a local administrator
> password. I will test this tomorrow at work.
>
>
>
> Tom Milliner, CPA, MCSE
> 2404 Summer Place Dr.
> Irving, TX 75062
> (214) 540-2741
> tom.milliner@verizon.net
>
> -----Original Message-----
> From: Patton Roub [mailto:proub@state.wy.us]
> Sent: Tuesday, February 08, 2005 6:22 PM
> To: focus-ms@securityfocus.com; tom.milliner@verizon.net
> Subject: Re: Password Protected Screen Saver and Administrative Password
>
> Is this a Windows 2000 Server or Windows Server 2003? If it
> is, then you should consider terminal services in maintenance
> mode. It requires no additional license purchases (two are free)
> and your vendor can connect without going through a fourth
> party's server equipment (GoToMyPC)(trusted?/untrusted?)
> to get there. They would log in as themselves (event logging
> good) and their access rights can be controlled. In terminal
> services, they also would not see your screen saver as they
> would have their own session/desktop/etc.
>
> Patton Roub, BSEE, MCSE
> proub@state.wy.us
>
>
>
>
>>>> "Tom Milliner" <tom.milliner@verizon.net> 2/7/2005 8:07:04 PM >>>
>
>
> Does someone know a way to allow a normal user to
> release a server password protected screen-saver
> without giving the user the administrator password?
>
> I need this so that third-party support can access
> our server via GoToMyPC when I am not there. The
> password protected screen-saver blocks them from
> remote access to fix problems. I cannot always be
> on-site to assist by supplying the screen-saver
> password.
>
>
> Tom Milliner, CPA, MCSE
> tom.milliner@verizon.net
>
>
>
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
>
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #227"
- In reply to: Tom Milliner: "RE: Password Protected Screen Saver and Administrative Password"
- Next in thread: Patton Roub: "Re: Password Protected Screen Saver and Administrative Password"
- Maybe reply: Patton Roub: "Re: Password Protected Screen Saver and Administrative Password"
- Reply: Tom Milliner: "RE: Password Protected Screen Saver and Administrative Password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
