Re: I think I may have found a security oversight.

From: Aaron H (aharrison@DONTBESPAMMINcsilaw.net)
Date: 10/17/02


    From: "Aaron H" <aharrison@DONTBESPAMMINcsilaw.net>
    Date: Thu, 17 Oct 2002 16:19:03 -0500
    
    

    Pete,
            Couple of things. One, when a computer is a member of the domain,
    and you have UserA on MachineA (member of the domain, Domain). When UserA
    accesses network resources, they're not accessing it as the local user on that
    computer, they're accessing it as Domain\UserA. Take a look at the *LOCAL*
    users. You may not even see a local user besides Admin, guest, etc. Now
    take NotebookA (which is not a domain member). On that notebook, it has
    UserA as a local account. When it's trying to access resources on the
    network server, SERVER, it tries to authenticate using the local notebook
    account UserA and password against the server's resources. If the user is
    in luck, there just happens to be a local user on the server with the same
    name and password. If either the local user name/password doesn't jibe with
    the server's local username/passwords, you can't access the resources.

    Clear as mud??

    --
    Aaron H
    Austin, TX
    NT/Win2k IT professional
    fontouk at hotmail dot com
    

    "Pete Grazaitis" <pjgratz@yahoo.com> wrote in message
    news:20f7835.0210091114.a1080ed@posting.google.com...
    > Here is what I have found out.
    >
    > We run a mixed environment, native domain windows 2000 network. We
    > use group policies and scripts to control our connecting clients,
    > which are a mix of workstations, servers and laptops. Since laptop
    > people are in and out of the office they tend to just log in locally.
    > This is fine except for the unfortunate ability to completely
    > circumvent our login scripts and group policies. However, they do
    > have the ability (provided using the same name and password) to get at
    > all of the shares on the network. It doesn't matter if the share has
    > all NTFS permissions based on the domain and the connecting client is
    > not part of the domain. This happens whether the NTFS permissions are
    > defined on the user, global group, or local group objects. Is this a
    > big problem, or am I overlooking something?
    >
    > The other thing I noticed was an XP client that thought one of the
    > login scripts was a potential virus and allowed the user to terminate
    > it. Any way to lock that down too?

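Added example, not part of the original thread: one way to spot the logons discussed above is to look for network logons on the server whose account does not belong to the AD domain, and to mark the ones whose name also matches a domain user. The record field names follow Windows Security event 4624 (an assumption; the thread predates that event ID), DOMAIN and SERVER are the placeholder names used in the reply, and the sample records are constructed.

```python
AD_DOMAIN = "DOMAIN"                    # placeholder domain name from the thread
IGNORED_AUTHORITIES = {"NT AUTHORITY"}  # e.g. ANONYMOUS LOGON sessions

# Constructed sample records; field names assumed from Security event 4624.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "UserA",
     "TargetDomainName": "DOMAIN", "WorkstationName": "MACHINEA"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "UserA",
     "TargetDomainName": "SERVER", "WorkstationName": "NOTEBOOKA"},
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "Administrator",
     "TargetDomainName": "SERVER", "WorkstationName": "SERVER"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "ANONYMOUS LOGON",
     "TargetDomainName": "NT AUTHORITY", "WorkstationName": "NOTEBOOKB"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "MACHINEA$",
     "TargetDomainName": "DOMAIN", "WorkstationName": "MACHINEA"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "backup",
     "TargetDomainName": "SERVER", "WorkstationName": "NOTEBOOKB"},
]


def local_account_network_logons(events, ad_domain, domain_users):
    """Return network logons (type 3) whose account is not in ad_domain."""
    known = {u.lower() for u in domain_users}
    findings = []
    for ev in events:
        # Only successful logons over the network (share access and the like).
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue
        authority = ev.get("TargetDomainName", "").upper()
        user = ev.get("TargetUserName", "")
        # Domain accounts and anonymous sessions are not what we are after.
        if authority == ad_domain.upper() or authority in IGNORED_AUTHORITIES:
            continue
        if user.endswith("$"):          # computer accounts
            continue
        findings.append({
            "user": user,
            "authority": authority,
            "source": ev.get("WorkstationName", ""),
            # True when the non-domain account name duplicates a domain user.
            "shadows_domain_user": user.lower() in known,
        })
    return findings


if __name__ == "__main__":
    for finding in local_account_network_logons(SAMPLE_EVENTS, AD_DOMAIN, ["UserA", "UserB"]):
        print(finding)
```

Records with shadows_domain_user set point at server-local accounts that duplicate a domain user name, which is the condition the reply describes.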

