Re: Local Session Authentication Cache



There is certainly nothing wrong with defense in depth. Since you enforce
that the screen saver is locked after a period of inactivity, you already
have a mechanism in place to prevent access to the share from unauthorized
users, and maybe you need to tweak those settings to use less idle time
before locking the desktop, though I can imagine that users will resist such.
Having said that, and to answer your direct question, I don't know of a way to
do what you want. What you might try is to create a Scheduled Task on the
user's computer that is activated after a period of idle time to run a batch
file that uses something like the net use * /delete command to disconnect
all sessions, or you can configure it to delete a specific session, to see if
that does what you want or not. Schtasks can create Scheduled Tasks via the
command line. Also keep in mind that XP users may be using "stored
credentials" to access the shares, which can make the connection seamless and
which can be disabled via Group Policy.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/schtasks.mspx
--- schtasks.

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_vkxx.asp
--- stored credentials


<chuck.meredith@xxxxxxxxx> wrote in message
news:1138202022.322111.178940@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
>
> Hi Steve,
> Our users have been instructed to lock their PCs when they are
> unattended and we do have the locked screensavers enabled. But as an
> added layer of security, I wanted to be able to disconnect the session
> and force them to authenticate when they access the share again. We
> have auditing turned up on those particular shares, so we want to log
> all session attempts.
>
> And I know that the share and server is visible through the CL but
> unless someone is using a ping sweep on our network or other
> enumeration tool, no one will know it's out there (another layer of
> security.) Also, being separate from the domain (in a Workgroup) means
> that any and all domain accounts do not apply. So an intruder would 1)
> have to get access to the network, 2) enumerate and 'find' this
> particular server 3) try to brute force it 4) and have to avoid being
> detected by the IDS and audit logs.
>
> I'm not trying to be overly confident; I'm really interested in anyone
> that could see potential problems with this setup. The goal is to have
> the shares as secure as possible (even from domain/enterprise admins).
>
> I appreciate your reply Steve and welcome any other insight you might
> have.
> Regards,
> Chuck
>
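
The idle-triggered disconnect suggested in the reply above, written out as an added example that is not part of the original posts. The file name, script path, log location, task name and 10-minute idle value are assumptions, and it assumes the task runs under the logged-on user's account so that it acts on that user's connections; confirm on a test workstation that the share really prompts again afterwards.

```bat
@echo off
rem disconnect-shares.bat (added example; name and paths are assumptions)
rem Drops the user's network connections so the next access to the share
rem has to authenticate again and shows up in the server's audit log.
rem
rem Register once per workstation from a command prompt. schtasks asks for
rem the password of the account the task runs as:
rem   schtasks /create /tn "DisconnectSharesOnIdle" /tr "C:\Scripts\disconnect-shares.bat" /sc onidle /i 10
rem Remove it again with:
rem   schtasks /delete /tn "DisconnectSharesOnIdle"

setlocal
set LOG=%TEMP%\share-disconnect.log

rem Record what was connected before the disconnect, for later review.
echo [%DATE% %TIME%] idle disconnect on %COMPUTERNAME% for %USERNAME% >> "%LOG%"
net use >> "%LOG%" 2>&1

rem /y answers the "open files" confirmation so the task cannot hang
rem waiting for input. To drop a single connection instead of all of them,
rem replace * with its drive letter or UNC path (\\SERVER\SHARE is a placeholder).
net use * /delete /y >> "%LOG%" 2>&1
if errorlevel 1 echo [%DATE% %TIME%] net use reported an error >> "%LOG%"

endlocal
```

If stored credentials are still enabled, the reconnect can succeed silently without a prompt, so pair the task with the Group Policy setting mentioned in the reply.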

