Re: Easy question on the local admin passwords
- From: boomboom999@xxxxxxxxx
- Date: 7 Jul 2006 16:56:57 -0700
Steven L Umbach wrote:
With a Group Policy "startup" script users do not need read access to the
script in sysvol. You can remove authenticated users and add domain
computers with read/list/execute instead. You will also have a potential
problem in that the startup script will not be run until the computer is
restarted on the domain. You might want to use different local administrator
password on the laptops than the workstations. --- Steve
Thanks Steve,
That seems to be a more secure solution.
But I think it is still trivial to circumvent.
Any user that manages to run a script under LocalSystem (for any
reason) can acces the administrator password in clear text. As I can
trust totally all the workstations (there are some of them that are
operated by knowledgeable users with administrative rights) I would
prefer do not offer the password in that manner.
.
- Follow-Ups:
- Re: Easy question on the local admin passwords
- From: Joe Richards [MVP]
- Re: Easy question on the local admin passwords
- From: boomboom999
- Re: Easy question on the local admin passwords
- From: boomboom999
- Re: Easy question on the local admin passwords
- References:
- Easy question on the local admin passwords
- From: boomboom999
- Re: Easy question on the local admin passwords
- From: Steven L Umbach
- Easy question on the local admin passwords
- Prev by Date: Re: Easy question on the local admin passwords
- Next by Date: Re: Easy question on the local admin passwords
- Previous by thread: Re: Easy question on the local admin passwords
- Next by thread: Re: Easy question on the local admin passwords
- Index(es):
Relevant Pages
|
