Re: Win2k Pro in NT4.0 Domain Environment

From: Joe Terry (jterry@xmission.com)
Date: 02/20/03 

From: "Joe Terry" <jterry@xmission.com>
Date: Thu, 20 Feb 2003 13:20:14 -0700

If you are starting from scratch, i.e. no domains, PDC's, BDC's, etc. you
could save yourself a great deal of work by just installing a W2K AD
environment from just the administration headaches. It is much easier to
tighten security in an AD environment than an NT 4.0 environment. You could
inform your client of the potential long-term costs of administration.

Joe

"Charles Gregory" <charlesgregory@ntlworld.com> wrote in message
news:ujGZxjR2CHA.2644@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> I'm being asked to look at the potential of implementing a system
consisting
> of NT 4.0 backend servers (PDC, BDCs, SMS etc..) with Windows 2000
clients.
>
> I know it's not a nice thing to do and that it's against MS
recommendations
> and the loss in functionality I'd get from the lack of group policy.
Believe
> me when I say that I know it'd be much easier, faster, better, consistant
> etc..etc with Win2k backend and AD - but the client is against AD for this
> piece of work.
>
> The system I'm investigating has high security requirements and therefore
> I'd be looking to apply security settings to Win2k Pro using System
> Policies. I've done a little research and have seen a couple of technet
> articles of things that break when you use System Policies in this way -
has
> anyone out there got any experience of using Win2k desktops in NT 4.0
> domains or can point me to some info or forums on the Web?
>
> Basically - I need some hard evidence of why it's such a bad idea.
>
> Help!
>
> Chas
>
>
>
>

Relevant Pages

  • Its not personal (Was: Re: APACHE$PRIVILEDGED)
    ... As it is a very useful example of UWSS ... Some background on security and privileged application code... ... With OpenVMS constructs including device drivers (or drivers an ... environment -- most anything. ...
    (comp.os.vms)
  • Re: APACHE$PRIVILEDGED
    ... The primary security on OpenVMS and on most other multi-processing operating systems is implemented via the memory management system and via what VAX calls the change-mode routines, via the Alpha SRM PALcode change-mode equivalent, or via what the IA-32 and IA-32e architectures refer to as the call gate. ... With OpenVMS constructs including device drivers )and user-written system services (UWSS; also known as privileged shareable images), these constructs operate in inner processor modes. ... One of the more hazardous situations for system security is a mixed environment; where there are resources shared between trusted and untrusted environments. ... Not only will the operation that requires privileges now be permitted, but other and potentially unintended operations can also be permitted. ...
    (comp.os.vms)
  • RE: IDSIPS that can handle one Gig
    ... the need for IPS ... I hear this every now and then from security people, ... I have yet to see an environment (and I am a consultant so I see ... single Microsoft Windows patch. ...
    (Focus-IDS)
  • RE: Port to z/OS or OMVS?
    ... I must disagree that the z/OS UNIX environment only offers a subset. ... > park when it comes to security. ...
    (bit.listserv.ibm-main)
  • Re: Privilege-escalation attacks on NT-based Windows are unfixable
    ... >>> a well secured network. ... >> So you're basically saying that local privilege escalation doesn't ... > environment, this weakness is well behind other, like user writing down ... > security facilities ...
    (comp.security.misc)