OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: Modifying default behaviour of MS VPN client

From: Raoul Armfield (armfieldamnh.org)
Date: Wed Dec 08 2004 - 14:01:02 CST

Not certain but would it have something to do with the Local Security
options - InteractiveLogon: Number of previous logons to cache? Maybe if
you set that to 0 it will solve this problem. Surely you can even fix this
through a group policy.

Raoul

:-----Original Message-----
:From: Wozny, Scott (US - New York) [mailto:swoznydeloitte.com]
:Sent: Wednesday, December 08, 2004 12:26 PM
:To: marco2; focus-mssecurityfocus.com
:Subject: RE: Modifying default behaviour of MS VPN client
:
:Yes it is. With that checked, it still allows users to clear the
:username and password and have the client retrieve the login
:credentials
:from the cache. Also, we've made sure to uncheck 'automatically use my
:user name and password' to no effect. It appears this just keeps the
:client from trying the login credentials by default, but still allows
:the user to clear their fields in the dialog which causes the client to
:go back to the cache. Puzzling... I think the solution (if there is
:one) will be something lower level in a registry key that will likely
:have a name like 'DontRetrieveLoginCredentialsFromCache=1' or something
:like that but my research into the MSKB hasn't yielded any such key.
:
:Any other suggestions would be greatly appreciated,
:
:Scott
:
:
:-----Original Message-----
:From: Marco Peretti [mailto:marcopneovalens.com] On Behalf Of marco2
:Sent: Wednesday, December 08, 2004 12:05 PM
:To: Wozny, Scott (US - New York); focus-mssecurityfocus.com
:Subject: RE: Modifying default behaviour of MS VPN client
:
:
:Scott
:
:Is the option "Prompt for user name & password" in the Options tab
:checked?
:
:Cheers,
:
:Marco
:
:-----Original Message-----
:From: Wozny, Scott (US - New York) [mailto:swoznydeloitte.com]
:Sent: Wednesday, December 08, 2004 4:24 PM
:To: focus-mssecurityfocus.com
:Subject: Modifying default behaviour of MS VPN client
:
:I have a situation on my hands where users have no username
:and password
:info in the MS VPN connection dialog but when they hit connect the
:client will use the username and password of the currently logged on
:user which grants them a successful authentication. Anyone know how to
:disable this behaviour and require that the user explicitly enter their
:username and password in the connection dialog for each VPN connection?
:
:Thanks,
:
:Scott
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:This message (including any attachments) contains confidential
:information intended for a specific individual and purpose, and is
:protected by law. If you are not the intended recipient, you should
:delete this message. Any disclosure, copying, or distribution of this
:message, or the taking of any action based on it, is strictly
:prohibited.
:
:---------------------------------------------------------------
:---------
:---
:---------------------------------------------------------------
:---------
:---
:
:
:
:This message (including any attachments) contains confidential
:information intended for a specific individual and purpose,
:and is protected by law. If you are not the intended
:recipient, you should delete this message. Any disclosure,
:copying, or distribution of this message, or the taking of any
:action based on it, is strictly prohibited.
:
:---------------------------------------------------------------
:------------
:---------------------------------------------------------------
:------------
:
:

---------------------------------------------------------------------------
---------------------------------------------------------------------------