|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Changing local admin PW using vb logon script - can it be encrypted?
From: Nicolas RUFF (nicolas.ruff
gmail.com)
Date: Tue Dec 06 2005 - 04:59:30 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Agreed - if your users are the least bit savvy, this trick will only buy you 5 minutes while they search for the script decoder, but if they're of the "where is the anykey?" variety, none of them will be any the wiser.
If you want to spare 5 minutes :
http://www.interclasse.com/scripts/decovbe.php
IMHO, it is not a good practice for security people to agree with a "low
grade" solution such as this one.
If you bless "script scrambling", you will be in trouble fighting
against "1-byte XOR encryption", "enterprise-wide pre-shared keys" and
"hardcoded passwords" ...
Why don't you change the local administrator password remotely (using a
WMI script for instance), or even lock down the local administrator
account if your 500 computers are part of a Windows domain ?
It would be much safer than giving away the local admin password in a
script, moreover you cannot be sure that the logon script will run on
*all* workstations in a given timeframe.
Regards,
- Nicolas RUFF
Security Researcher EADS-CRC
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]