Re: Does the SCW break Windows Firewall?
From: David Beder [MSFT] (dbeder_at_online.microsoft.com)
Date: 08/25/05
- Next message: Andrew Hayes: "Re: Grant Object Access"
- Previous message: Steven L Umbach: "Re: Uergent help needed"
- In reply to: news_at_mail.adsl4less.com: "Re: Does the SCW break Windows Firewall?"
- Next in thread: news_at_mail.adsl4less.com: "Re: Does the SCW break Windows Firewall?"
- Reply: news_at_mail.adsl4less.com: "Re: Does the SCW break Windows Firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Aug 2005 01:27:41 -0700
Yes, this feature was difficult to work with. The initial design was on
XPsp2 where we didn't want home users (we advocate that corporate machines
be managed via group policy) accidentally enabling the setting due to how
big a surface area it potentially opens. Advanced users who had researched
the affects of enabling it are expected to implement via command line or
group policy. Such a user is likely to prefer the richness of the command
line output for monitoring the system so would be reminded often that the
setting was in affect.
When we moved to WS03sp1 we still weren't sure that this should be exposed
in the control panel for the server admin to quickly access. My worry was
that quick access could too easily lead to quick enabling, and with the move
to documentation being only on-line, it might be inappropriately used.
Compared with XP, the RPC exposure is typically a lot higher on servers so
the ramifations of turning it on when you shouldn't seemed pretty bad. I was
also worried (silly as it might sound) for English versions of the OS, where
we'd gotten a lot of beta feedback that Remote Administration was getting
confused with Remote Assistance.
This issue is still being periodically discussed, but I don't know whether a
change will eventually be made.
-- David Microsoft Windows Networking This posting is provided "AS IS" with no warranties, and confers no rights. <news@mail.adsl4less.com> wrote in message news:1124812554.694494.163060@g49g2000cwa.googlegroups.com... > Thank you David for your reply. Indeed you are right: Remote admin mode > was enabled. Disabling it prevented drive mapping. > > IMHO, it is worrying that the File and Printer sharing can be unticked > in the firewall leaving many users and admins thinking that the > firewall was now preventing drive mapping to their server / desktop, > whereas the remote admin mode "overrides" this and allows drive mapping > - a bit like a backdoor into the system. (I would have succumbed to > this myself had I not been penetration testing in a lab. Just goes to > show how important it is to lab test before going into production!) >
- Next message: Andrew Hayes: "Re: Grant Object Access"
- Previous message: Steven L Umbach: "Re: Uergent help needed"
- In reply to: news_at_mail.adsl4less.com: "Re: Does the SCW break Windows Firewall?"
- Next in thread: news_at_mail.adsl4less.com: "Re: Does the SCW break Windows Firewall?"
- Reply: news_at_mail.adsl4less.com: "Re: Does the SCW break Windows Firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
