Re: An enterprise full of hackers





In news:RickDash.2bz5uk@xxxxxxxxxxxx,
RickDash <RickDash.2bz5uk@xxxxxxxxxxxx> typed:
Lanwench [MVP - Exchange] wrote:
In news:RickDash.2byuqk@xxxxxxxxxxxx,
RickDash <RickDash.2byuqk@xxxxxxxxxxxx> typed:
I work in an enterprise of over 5000 employees, every one of them I do
not trust. What is the best method of securing administrative
machines to keep curious users away from them? Our enterprise is a
mixed w2k3, win2k, NT4 server environment and win xp pro, win2k pro and
nt4 desktop environment. We have over 2500 mobile users to boot.
We have noticed in several audits of our administrative machines that
other users have been attempting access to admin machines. Is there a
way of hiding the machines themselves and still allow rdp from
administrators over the network or vpn etc?


I'd probably post this in a Windows server group if I were you.

Some basics? Make sure you have good physical security in place
(nothing else really matters as much). Don't give any users more than
regular 'user' rights. Use only NTFS. Use the Windows firewall. Don't
allow non-admins to use RD. Use group policy (but it won't work for
your NT boxen; they ought to be upgraded / replaced anyway at this
point!). Enable strict auditing, complex passwords, forced changes,
forced pw-protected screensavers.

All this has been done but they keep finding avenues of exploration.
What I was trying to find is a way of hiding the machine from network
view while still maintaining remote access.

If they can't get into it, who cares if they can see it?

What you have here is more of an HR issue than a technical one. As a wise
man said, "There are seldom good technological solutions to behavioral
problems" - if you have a written computer use policy that states that users
cannot do XYZ, and they do XYZ, make sure management knows about it.

If you don't have a written computer use policy, get one.

