Subject: Re: Windows Network logon
From: Glenn Pearl (glennpBROOKE-STAFFING.COM)
Date: Tue Aug 29 2000 - 13:39:36 CDT


We are using such a policy on our network, forcing users to log on to the
network before access is granted to the local machine. With this policy in
force, pressing <Esc> at the Windows 95 logon screen gets a message
indicating that a network logon is required for access.

This works as long as the users are clueless about advanced Windows 95
stuff. It is easily defeated thusly:

At the logon screen, press the 'Windows' key (or <ctrl><Esc>) to bring up
the Win3.11-looking Task Manager. Click 'File, Run', and enter 'control.exe
netcpl.cpl'. This brings up the network properties page, letting anyone
add, remove, or modify the network components. Removing the adapters
entirely, then rebooting causes the machine to come up without networking
enabled, subsequently ignoring the policy.

We do not have Windows 98 machines, so I don't know how this would work on
them.

On NT, you would have to set the policy (or registry?) to disable cached
network profiles. We have not done this, as I believe it would ultimately
cause more headaches than it would solve. Also, on workstations, you can
disable the 'Shut Down' option that's on the logon dialog with a registry
setting change.

When setting up your policies, make sure you run the Windows 95/98 policy
editor on a Windows 95/98 machine to set up policies for Windows 95/98.
Then run the NT policy editor on NT for NT policies. This is explained in
an obscure KB article, the # and name of which escape me now.

Hope this helps.

Glenn Pearl
Brooke Staffing Companies, Inc.
glennpbrooke-staffing.com

> -----Original Message-----
> From: Wynand Viljoen [SMTP:WVNANOTEQ.COM]
> Sent: Tuesday, August 29, 2000 1:49 AM
> To: FOCUS-MSSECURITYFOCUS.COM
> Subject: Windows Network logon
>
> Good day all,
>
> I'm currently busy looking at system policies (ADM files) for Windows 95,
> Windows 98 and Windows NT workstation 4. One of the requirements that I'm
> looking at is forcing a user on any of the above O/S platforms to log on to
> the network when starting up and not bypass the logon in any way. I know
> that Windows has basically no security but still one can achieve this in
> some way through system policies. I would appreciate your views and
> experiences on this issue.
>
>
>
>
> Thanks and Regards
> Wynand Viljoen
> Systems Architect
>
> * +27 12 672 7204 / +27 82 457 1579
> * wvnanoteq.com