RE: Password Protected Screen Saver and Administrative Password
From: Tom Milliner (tom.milliner_at_verizon.net)
Date: 02/09/05
- Previous message: Olaf Reitmaier: "Re: SAM encripted with syskey"
- Maybe in reply to: Tom Milliner: "RE: Password Protected Screen Saver and Administrative Password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <focus-ms@securityfocus.com> Date: Wed, 9 Feb 2005 14:23:03 -0600
Please verify what I think: if I logoff, the server still functions
normally. Then, I could simply logon to gain control of the
console.
I gather that I could be logged off, and still access the server
via remote desktop control. This still doesn't help the vendor.
The vendor doesn't have a VPN connection, and the server is
inside our firewall.
There is one more idea: since the server is in a common area,
I could make it "headless" (no monitor) and not use a screen
saver at all. I would just as soon avoid that, because it is
easier to deal with the server directly rather than remote
desktop control. For instance, if I am dealing with backup and
restores and the tape unit, it is easier to be at the console.
Or, how about a simple deterrent: unplug the monitor from the
server, and simply replug it. Again, though, I may look at the
server several times a day, and that would be tedious.
If I logged off, then the vendor still could not access the server
in my absence. They would need the administrator password
anyway.
Thanks for your reply. I will copy this to the group; again, I
appreciate the ideas from everyone.
Tom Milliner, CPA, MCSE
Director of Network Services
MetroTex Assc of Realtors
8201 N. Stemmons Frwy
Dallas, TX 75247
www.dfwrealtors.com
mail to: tomm@dfwrealtors.com
(214) 540-2741
-----Original Message-----
From:
Sent: Wednesday, February 09, 2005 11:36 AM
To: tom.milliner@verizon.net
Subject: Re: Password Protected Screen Saver and Administrative Password
Tom,
The point you seem to be missing, is this:
Don't use the screen saver as a tool to secure the machine.
Log out of the machine instead.
There is no reason for you to remain logged onto a machine that you are
not in front of, and using.
Once you start logging off once you are finished in front of the
machine, you will notice all of your other problems will dissapear.
-- Tom Milliner wrote: > The vendor has a lot of customers and routinely uses > GoToMyPC for support. In an ideal world for the vendor, > there would be no password protected screen-saver to > deal with. In other words, they could log on as needed > (different time zones) to do maintenance. The screen- > saver actually is a disruption to them, but since the > server is in a common area, I use it. I also use it > so that I can keep track of the vendor's maintenance > (if something breaks after they log on, then I may > want to call them)...they have to ask us to unlock the > screen-saver. > > When I am not there, a trusted co-worker needs to be > able to unlock the screen-saver. > > I am not understanding the suggestions to make the > trusted co-worker a local administrator. Since the > server is a domain member server, I logon as the > domain administrator. Then it goes to password > protected screen-saver after 60 minutes of inactivity. > I know it needs an administrator's password to unlock > the screen-saver. I have assumed that meant my domain > administrator password instead of a local administrator > password. I will test this tomorrow at work. > > > > Tom Milliner, CPA, MCSE > 2404 Summer Place Dr. > Irving, TX 75062 > (214) 540-2741 > tom.milliner@verizon.net --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Olaf Reitmaier: "Re: SAM encripted with syskey"
- Maybe in reply to: Tom Milliner: "RE: Password Protected Screen Saver and Administrative Password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
