Re: Local Administrator Account
- From: DevilsPGD <spam_narf_spam@xxxxxxxxxxxx>
- Date: Wed, 18 Apr 2007 00:28:10 -0600
In message <FBE6899C-5A4D-412C-8FE8-30B54C7B1266@xxxxxxxxxxxxx> John
<John@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Can you explain to me more about the fact that it is by design? Can you
> point me to resources that explain this? Thanks in advance.

The long and short of it is that Windows attempts to authenticate using
your current credentials by default. This allows a lot of things to
"just work" (especially when domain and workgroup PCs are interacting,
or PCs of different domains).

Is it a security breach? In my opinion, yes, although defeatable with a
sufficiently strong password, rotated reasonably frequently.

At a minimum, it reveals a hashed version of your password, which is
sufficient to allow a brute-force attack (whereas a brute-force attack
that required login attempts would eventually get blocked by account
lockout policy, a hash brute-force attack would never get locked out).

Is it configurable? As far as I know, no.
--
I'd give my right arm to be ambidextrous.