brian on Mon, 20 Jan 2003 15:38:15 -0500



Re: Re: [PLUG] Linux boot disk to replace XP Admin password?


Physical security becomes the key factor here.  I know you are talking about a client, but as a best practice, information that should be secured should not be on a local client; it should be stored on the server.  And the server should be physically secured.

Brian M.

----- In Response To -----

> Using this utility works when trying to just blank the password for
> Administrator. However, you cannot login as administrator (or use the
> 'runas' service) unless you lower the workstation's overall security policy
> by allowing blank password length in account policies and disabling the
> 'Limit local account use of blank passwords to console login only' policy in
> Local Security Settings.
>
> I see this as a major threat to security of local workstations in an
> enterprise environment. Why? Because now someone can use this utility to
> blank out the password of the local Administrator account and quietly access
> the contents of the workstation's disk from somewhere else on the local
> network.

If you are trusting a client-accessible machine to lock down a server, game
over, forget about security.

If you have a bootable cdrom drive on a machine, game over, forget about
security.

There's really nothing you can do to lock down a client accessible
machine. Even a bios password can usually be reset by resetting a jumper.

Then one can merely boot w/ the appropriate disk to gain access.

Heck, now that they have these new bootable firewire drives, any machine
that supports that is also wide open. Mac hardware users can talk more
about this. Can one put the macos on an iPod and use it to boot a mac? I
don't know.

Anyway, I appreciate your comment about how windows protocols mean that a
compromised client can compromise the server. I didn't know that, and I'm
not an expert on security. Can someone please post how to stop this? If I
have an NT box locked down as a fileserver only, in a closet, how do I
assure that this isn't broken into when someone knocks over the public
terminal clients?

Fred Ollinger
_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
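The quoted message names two Local Security Settings that have to be weakened before a blanked Administrator password becomes usable from elsewhere on the network: allowing a zero minimum password length, and turning off "Limit local account use of blank passwords to console logon only". The following audit is an added example and is not code from the thread or its participants; it assumes a current Windows host, PowerShell run from an elevated prompt, that the second policy is stored as the LSA registry value `LimitBlankPasswordUse`, and that the minimum length can be read from the text output of `net accounts`. It reports whether either setting is at the weakened value so a workstation can be checked rather than trusted.

```powershell
# Added example, not from the PLUG thread. Reports the state of the two
# Local Security Settings the quoted message says must be weakened for a
# blanked Administrator password to work over the network. Assumes Windows
# with PowerShell, run elevated so the LSA key is readable.

function Get-BlankPasswordExposure {
    $findings = @()

    # 1. "Limit local account use of blank passwords to console logon only"
    #    is the LSA DWORD LimitBlankPasswordUse (1 = enforced, 0 = off).
    #    When the value is absent Windows treats the policy as enforced.
    $lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $props   = Get-ItemProperty -Path $lsaPath -ErrorAction Stop
    $limit   = if ($null -eq $props.LimitBlankPasswordUse) { 1 } else { [int]$props.LimitBlankPasswordUse }
    $findings += [pscustomobject]@{
        Setting = 'LimitBlankPasswordUse'
        Value   = $limit
        Weak    = ($limit -eq 0)
        Note    = 'Blank-password local accounts can log on over the network when 0'
    }

    # 2. Minimum password length from the local account policy; 0 permits
    #    blank passwords. Parsed from the "Minimum password length:" line
    #    of `net accounts` (assumption: English-language output).
    $netOut = net accounts 2>&1 | Out-String
    $minLen = if ($netOut -match 'Minimum password length:\s+(\d+)') { [int]$Matches[1] } else { $null }
    $findings += [pscustomobject]@{
        Setting = 'MinimumPasswordLength'
        Value   = $minLen
        Weak    = ($minLen -eq 0)
        Note    = 'Blank passwords are allowed when 0'
    }

    return $findings
}

# Print one row per setting; any row with Weak = True is a workstation that
# would accept a blanked local Administrator password from the network.
Get-BlankPasswordExposure | Format-Table -AutoSize
```

Both rows reading Weak = False means the workstation still matches the default hardened state the quoted message describes; it does not, of course, address the physical-access point made elsewhere in the thread, since anyone who can boot their own media can change these values along with the password.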




