OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Windows Network logon
From: Russel Smith (carlosARKPACIFIC.COM)
Date: Tue Aug 29 2000 - 06:25:26 CDT


Hello,

Well with Windows NT Workstation 4 its quite simple to force a user to logon,
in fact this is setup by default. You can choose which domain they are to
logon
to etc.. I dont think I need to explain this as you probably already know
how it
goes.

There is a large problem with Windows 9x. Every single Windows 9x installation
I have ever seen (thats quite a large number) that tries to force a user to
logon
before gaining access to the computer has failed miserably.

A good policy editor you might want to use to 'secure' Windows 9x is
Poledit, a
quick search of your favourite search engine should turn up places to
download this
handy program.

Alas, even with strong policys in place you cannot be sure that users are
forced to
logon to a Windows 9x computer to gain access to it, you could however
easily force
a logon before the user is able to access network resources.

Im not saying it is impossible to secure Windows 9x, but to do that would
be quite
a large task, stripping Windows 9x of much functionality in the proccess.
Im not saying
it is impossible to force a user to logon to a Windows 9x machine before
they are able
to use it, but no doubt this would be a large task. It also depends on the
user you are
trying to force to logon, I have seen some good policy implementations that
work for
your standard users, but more computer litterate users are able to bypass
the so called
'security' with ease.

So far no Windows 9x 'security' or logon 'authentication' has stopped me
gaining access
to the computer.

If you want good security go with Windows NT and not Windows 9x.

At 08:48 AM 8/29/00 +0200, you wrote:
>Good day all,
>
>I'm currently busy looking at system policies (ADM files) for Windos 95,
>Windows 98 and Windows NT workstation 4. One of the requirements that I'm
>looking at is forcing a user on any of the above O/S platforms to logon to
>the network when starting up and not bypass the logon in any way. I know
>that Windows has basically no security but still one can achieve this in
>some way through system policies. I would appreciate your views and
>experiences on this issue.
>
>
>
>
>Thanks and Regards
>Wynand Viljoen
>Systems Architect
>
>* +27 12 672 7204 / +27 82 457 1579
>* wvnanoteq.com
>
>
>