Re: Big Windows Security Problem

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 01/09/03


From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Wed, 8 Jan 2003 21:35:58 -0500


Agreed.

PS what you are describing is the way Windows works. It is not necessarily
a security problem, unless you have certain security requirements that this
not be possible.

"Steven L Umbach" <n9rou@attbi.com> wrote in message
news:bKZS9.286629$qF3.27960@sccrnsc04...
> In user properties you can restrict a user to log onto certain
> workstations only. You could also create an ipsec policy. For the file
> servers you could configure them to require ipsec security. The
> workstations could be configured with a respond policy. Since kerberos
> would be the authentication protocol, only domain computers could access
> the servers with the require policy. If you did not want the overhead of
> encryption you could configure the server ipsec policy to require AH -
> authentication header only. There are some issues about creating an ipsec
> policy for a dc though, so I would not suggest that until you researched
> it and tested it thoroughly. Be sure to test out any ipsec policies before
> implementing them, though they are not hard to disable. Good luck. --- Steve
>
>
> "Robert Brandon" <robrandon@yahoo.com> wrote in message
> news:171001c2b72f$f90bef10$d7f82ecf@TK2MSFTNGXA14...
> > Have just experienced similar problem. It seems a
> > workgroup computer can access a domain resource by using a
> > valid domain user account. It doesn't need to be a member
> > of the domain. How do you get around this? If you have
> > already solved it, please let me know.
> >
> > Thanks.
> >
> >
> > >-----Original Message-----
> > >We are having a problem that has just shown up, at least
> > >it is the first we have noticed it. If an outside
> > >consultant brings in their own computer and hooks into our
> > >network and then logs onto their Local workstation as an
> > >administrator, it allows them to access shares on our
> > >file servers as an administrator. Usually from what I
> > >have been able to notice their computers are in a
> > >workgroup and not a domain. I thought maybe it was the
> > >administrator account that was doing it so I renamed it.
> > >It stopped then getting in as an administrator but when
> > >they try now it comes up with an ID and password box, if
> > >they put in a Valid ID and no password it still lets them
> > >in. I don't know how to fix it. All of our servers are
> > >running Windows 2000 with SP3. I also did hotfixes after
> > >that. Still have the same problem. We require strong
> > >passwords on all of our accounts if that matters and they
> > >have to be at least 10 chars.
> > >
> > >Please help!!!
> > >
> > >Thanks
> > >.
> > >
>
>


