OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Lee Seidman (lseidmanyahoo.com)
Date: Fri Apr 19 2002 - 14:59:40 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I believe there is a policy setting in W2K Server that
    will automatically delete cached copies of user
    accounts that may help this particular scenario.

    Can't say for certain, but I think it is an option
    under Active Directory.

    - Lee

    --- Bejon Parsinia <bejonsupertel.com> wrote:
    > Mike,
    >
    > Speaking from experience, depending on the policies
    > in place on the network,
    > the laptop very well could retain sensitive
    > information about the domain.
    > My example is as follows, I take my laptop home with
    > me every night. It is
    > running Win2k Pro. I can leave my login information
    > exactly the same as
    > when I have it plugged into my domain at the office
    > when I login to the
    > laptop at home without any sort of VPN or public
    > access to my network.
    >
    > What does this mean? The laptop contains cached
    > information (username,
    > password, domain name) that does not necessarily
    > expire. I am just logging
    > in to use my laptop at home without connecting to
    > any resources other than
    > my internet connection at the house. Dangerous, you
    > bet. You can run
    > utilities to capture and recover those passwords
    > very easily. No need to
    > disconnect it from the domain whatsoever.
    >
    > Hope this helps,
    >
    > Bejon
    >
    > -----Original Message-----
    > From: Mike Coppins [mailto:mikelegolas.com]
    > Sent: Thursday, April 18, 2002 9:46 AM
    > To: focus-mssecurityfocus.com
    > Subject: windows domain question
    >
    >
    > If you connect a machine to a Windows domain, so
    > things like SIDs change,
    > machine IDs synchronised, etc, and then
    > disconnected, what happens exactly?
    > Does the node that gets disconnected generate a new
    > machine SID or does
    > information get left behind on the node?
    >
    > Putting the question into a scenario might help :)
    > If a laptop (NT4 or
    > Win2k) is connected to a domain, then is removed
    > from the domain (as in, an
    > admin goes into network properties and tells the
    > machine that it is part of
    > a bog standard workgroup again, is the laptop going
    > to retain any
    > information that it belonged to a domain before, and
    > possibly security
    > sensitive information about the domain?
    >
    >
    >
    > --
    > Mike Coppins
    > mikelegolas.com
    > http://www.legolas.com/
    > Currently looking for work:
    > http://www.legolas.com/mikes/cv.html
    >
    >
    >

    __________________________________________________
    Do You Yahoo!?
    Yahoo! Tax Center - online filing with TurboTax
    http://taxes.yahoo.com/