Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Lee Seidman (lseidmanyahoo.com)
Date: Fri Apr 19 2002 - 14:59:40 CDT
I believe there is a policy setting in W2K Server that
will automatically delete cached copies of user
accounts that may help this particular scenario.
Can't say for certain, but I think it is an option
under Active Directory.
--- Bejon Parsinia <bejonsupertel.com> wrote:
> Speaking from experience, depending on the policies
> in place on the network,
> the laptop very well could retain sensitive
> information about the domain.
> My example is as follows, I take my laptop home with
> me every night. It is
> running Win2k Pro. I can leave my login information
> exactly the same as
> when I have it plugged into my domain at the office
> when I login to the
> laptop at home without any sort of VPN or public
> access to my network.
> What does this mean? The laptop contains cached
> information (username,
> password, domain name) that does not necessarily
> expire. I am just logging
> in to use my laptop at home without connecting to
> any resources other than
> my internet connection at the house. Dangerous, you
> bet. You can run
> utilities to capture and recover those passwords
> very easily. No need to
> disconnect it from the domain whatsoever.
> Hope this helps,
> -----Original Message-----
> From: Mike Coppins [mailto:mikelegolas.com]
> Sent: Thursday, April 18, 2002 9:46 AM
> To: focus-mssecurityfocus.com
> Subject: windows domain question
> If you connect a machine to a Windows domain, so
> things like SIDs change,
> machine IDs synchronised, etc, and then
> disconnected, what happens exactly?
> Does the node that gets disconnected generate a new
> machine SID or does
> information get left behind on the node?
> Putting the question into a scenario might help :)
> If a laptop (NT4 or
> Win2k) is connected to a domain, then is removed
> from the domain (as in, an
> admin goes into network properties and tells the
> machine that it is part of
> a bog standard workgroup again, is the laptop going
> to retain any
> information that it belonged to a domain before, and
> possibly security
> sensitive information about the domain?
> Mike Coppins
> Currently looking for work:
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax