Re: Scheduling NTBackup to mapped drive

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sat, 7 Aug 2004 21:03:16 -0500

Hi Jared,

You're always welcome to share your opinions and observations on this
list, but we try to run a clean shop here. So while its nice to hear you
had a good day with you SO, this isn't the proper forum to share this
info.

Mark Fugatt is a highly respected member of this list and of the
Exchange Server community in general, and has always been very courteous
and professional in his responses. He's a Microsoft MVP and has earned
it though his contributions to the Microsoft Exchange community, for
which he is not paid.

I haven't reviewed this entire thread, and I actually don't care what
the issues are. Just keep things above board, present your evidence, and
let everyone decide for themselves.

Here's a tip: if you've had a couple of beers today, read the posts but
don't respond the next day. The community has a long memory and it's
hard to get the respect back after saying something you might not had
otherwise said.

(And one more thing for Lefkovics: the only way Cisco is ever going to
get a dollar from me is if they pry it from my cold, dead hands)

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx] 
Sent: Saturday, August 07, 2004 8:24 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive


http://www.MSExchange.org/

Poor newbie. Like I taught Mark, I'll teach you as well.

Next time you're in Maryland, look me up. I'll charge you double though.


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Saturday, August 07, 2004 9:17 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

You sir, are the most arrogant son of a bitch that I have ever had the
misfortune to be on a mail list with.

Your conception of a secure server stinks as there is no such thing as
has
been pointed out to you repeatedly throughout this thread.

There is no point security wise in either logging off or locking a
server as
any IT admin should know, due to the presence of applications like ERD
Commander etc which will let any monkey reset the admin password etc.

The only secure server is the one in the locked security room with RDP
disabled.

Steve



-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Saturday, August 07, 2004 10:06 PM
To: Exchange Weblist
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

Hmm... interesting how Mr. Mark Fugatt didn't even know the basic of
Active
Directory and I had to teach him. Could it be that he perhaps doesn't
know
AD or basics of security? That all he has to offer is expertise in
Exchange?
That has been proven here. Or did you just conveniently miss my response
to
his AD newbie email?

While you and Mark were here crying all day, I was having sex with my
girl.

Get a life
 

-----Original Message-----
From: Andy David [mailto:adavid@xxxxxxxxxxxxxxxx]
Sent: Saturday, August 07, 2004 10:11 AM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

You still havent provided any documentation to back your claims that
this is
more secure than simply logging out or answered how this will protect
against remote access. 
Mark is a friend of mine. He is one of the nicest, funniest, sharpest
guys I
know. You, Sir, are no Mark Fugatt.


 

-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Friday, August 06, 2004 11:41 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

Mark, I met you and liked you too, but you're coming across as a HUGE
ass
yourself here. My "arrogance" is only surpassed by yours. You're losing
my
respect.

Answers to your odd responses:

A: My gosh, everyone, even newbie's in here, knows the Guest account is
disabled by default. But it's ENABLED by newbie's. I mean, really, you
don't
think admins out there enable that account? They do all the time all
over
the place.

B: WRONG. You mean a Domain Controllers, NOT a server. I have 110
Windows
servers. I have only 10 domain controllers. That means 100 servers can
be
logged onto (be default) anyone in the "domain users"
group. Mark, I'm surprised you missed the obvious here. And let's not
even
TALK About non-domain member servers. And again, let's forget about
GPO's.
If you stick a server (non-domain controller) that is a member a domain
in
the "domain controllers" OU, then only Domain Admins can log in. That
bit of
expertise will cost you $100.00.

C: I already explained that. Didn't you read my previous posts? Not to
mention, 80 of my servers can't be powered off WITHOUT A KEY, (like ALL
servers should be.) Also, look at the post AFTER this. How about the
patch
installs and reboots? 

I'm getting tired of being right.




-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Friday, August 06, 2004 7:35 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

OK, OK, this is the plan, let move this to another location, and I will
invite some folks from Microsoft Trustworthy Computing and a number of
security experts who do not participate in this list to contribute as it
would appear we all have different opinions, the location can be a) the
Microsoft Public Security Newsgroup or I have no problem hosting a
newsgroup
for the discussion.

Jared, I have met you, I really like you and like many others here value
your contribution, but you are coming across as an arrogant, childish,
prick, you have not provided any authorative statement backing up your
comments, if you make a statement and get challenged on it then you
should
provide supporting evidence not just respond with "why should I find it
for
you", step up to the plate Jared and prove us all wrong, we are all
wrong
sometime.

So, to correct you on some point:

A) the Guest account is disabled by default
B) Only members of the admin group can log in locally to a server and
that's
the default
C) If you lock a workstation, anyone can unlock it by powering off and
on,
same applied to screen saver passwords, so what the difference with this
compared to logging out?


-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Friday, August 06, 2004 4:21 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

Children, be nice. I feel like your daddy here youngster.

You come across as a newbie, but that'd doesn't mean you are. It's just
that
your statements are in beginner mode.

Of course one can't log onto a server under "Guest."
My 15 year daughter knows that. I'm talking Servers AND
workstations/laptops. Or do you ONLY believe that security is at the
server
level?? Again, a newbie assumption. My daughter also knows ANY admin can
unlock a locked computer. So, again, what's your point?? If you leave it
logged off, then it can be logged in by ANYONE on the domain if the GPO
isn't set exactly correct. If it's locked by an admin, then ONLY and
admin
can unlock it. 

Again, this is basics here Mr. 13 years of experience, (experience in
desktop support??)










--- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> 
> Jared, from the tone of your statements it sounds like you are the one

> who is a "new admin" and "younger". You sound like some punk on a 
> warez list "windoz rulez, linux suks!@" without any foundations for 
> your arguments. How is it more secure to lock it vs loggin off? Answer

> the F#$@ing question?
> 
> I work in the "Paul G Allen center for computer science", I live in 
> Seattle, many of our faculty members work at MS, and many of my 
> friends do too. None of them have ever said that it was policy to 
> 'leave all servers locked'. Yes you must eaither LOCK or LOG OFF, 
> obviously you can't leave on logged on.
> 
> I am definately not a new admin, I have been doing this for 13 years. 
> Your comments are unfounded, and unsupported. Any idiot knows that an 
> administrator can unlock a locked computer. Any idiot knows that guest

> and even regular user accounts can't log on to a server locally.
> 
> What kind of exchange admin has a @yahoo account anyway?
> 
> Tony Anderson
> UW CSE
> 
> 
> 
> ----- Original Message -----
> From: "Jared Johnson" <jaredsjazz@xxxxxxxxx>
> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
> Sent: Friday, August 06, 2004 12:46 PM
> Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive
> 
> 
> > http://www.MSExchange.org/
> >
> > Easy and expected replies to all.
> >
> > You just missed the point, as all new admins do.
> >
> > The point is: It's obviously LESS secure leaving
> the
> > computer logged off, than actually locking it.
> >
> > I mean, DUH
> >
> > --- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx>
> wrote:
> >
> > > http://www.MSExchange.org/
> > >
> > > Security documents might say "lock your computer when you leave"
> > > but they mean that as opposed to leaving it
> logged
> > > on. (not opposed to
> > > logging off)
> > >
> > > Your statements are incorrect:
> > > If you say that locking the computer prevents someone from logging

> > > on as 'Administrator' (presuming it wasn't renamed),
> that
> > > is wrong. An
> > > administrator could unlock a locked computer. A 'GUEST' could not 
> > > log into a server locally anyway, against local policy.
> Same
> > > with Aspnet, or IIS
> > > accounts, they aren't allowed to log on locally.
> (by
> > > default!)
> > >
> > > Besides, if you have a hacker in your server
> room,
> > > he wouldn't need to log
> > > on, he could boot with a bartPE CD or a Linux
> boot
> > > floppy (to change the
> > > admin password
> > > http://home.eunet.no/~pnordahl/ntpasswd/) and
> change
> > > the
> > > admin password or do whatever he wanted. AND
> EVEN IF
> > > your server happens to
> > > be a domain controller, you can still change the local admin 
> > > password and boot up in 'active directory recovery mode' and
> use
> > > the local password.
> > >
> > > Tony
> > >
> > > > Think about it: WHY would you give a hacker
> more
> > > > opportunities to log in to various known
> accounts,
> > > > i.e., GUEST (because of these newbies don't
> > > disable
> > > > that account), the Administrator (because
> newbies
> > > > don't rename the account), or having the
> server
> > > power
> > > > off because of the power profile isn't loaded
> when
> > > > logged out (unless changed, but newbies
> don't),
> > > the
> > > > IIS accounts, the ASPNet accounts, etc. etc.
> > > That's
> > > > just ridiculous to give hackers that easy
> > > opportunity.
> > > >
> > > > I just did a google search and quickly found a
> > > "Five
> > > > Security Steps.." by Microsoft. One of them
> > > mentioned,
> > > > "locking your computer..."
> > > >
> > > > Google it, go to support.microsoft.com, to
> > > dogpile,
> > > > your local professional IT Auditor. You'll
> find
> > > more
> > > > information on it that you'll want to.
> > > >
> > > > --- Mark Fugatt <mark@xxxxxxxxx> wrote:
> > > >
> > > > > http://www.MSExchange.org/
> > > > >
> > > > > Yes, I would like you to provide me with one
> > > link
> > > > > that mentions that locking
> > > > > is more secure than logging out.
> > > > >
> > > > > What was the very first Windows 2000 admin
> book
> > > ever
> > > > > written?, and I will see
> > > > > if I can find reference to it in there.
> > > > >
> > > > > On Fri, 6 Aug 2004 08:14:21 -0700 (PDT),
> Jared
> > > > > Johnson wrote
> > > > > > http://www.MSExchange.org/
> > > > > >
> > > > > > Read the posts again. Do your search on
> > > dogpile,
> > > > > read
> > > > > > your beginning admin books. The proof is
> > > > > everywhere.
> > > > > > It's just plain common sense.
> > > > > >
> > > > > > You really want ME to do your research FOR
> > > YOU? Am
> > > > > I
> > > > > > your personal secretary dog? Dont' think
> so.
> > > Read
> > > > > the
> > > > > > very first Windows 2000 admin book ever
> > > written,
> > > > > and
> > > > > > you'll see. Basics my friend.
> > > > > >
> > > > > > --- "Michael B. Smith"
> <michael@xxxxxxxxxx>
> > > wrote:
> > > > > >
> > > > > > > http://www.MSExchange.org/
> > > > > > >
> > > > > > > Have you yet answered ANYONE as to why?
> > > > > > >
> > > > > > > Or provided a reference? Either
> Microsoft or
> > > > > FIPS?
> > > > > > > Or anything else for
> > > > > > > that matter?
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Jared Johnson
> > > > > [mailto:jaredsjazz@xxxxxxxxx]
> > > > > > > Sent: Friday, August 06, 2004 10:58 AM
> > > > > > > To: [ExchangeList]
> > > > > > > Subject: [exchangelist] Re: Scheduling
> > > NTBackup
> > > > > to
> > > > > > > mapped drive
> 
=== message truncated ===



                
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
mark@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
JaredsJazz@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
adavid@xxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
JaredsJazz@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist

This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient named above. 


Unauthorised use, disclosure, or copying is strictly prohibited and may
be
unlawful. Optimum IT Solutions disclaims any liability for any action
taken
in connection of this E-Mail. The comments or statements expressed in
this
E-Mail are not necessarily those of Optimum IT Solutions or its
subsidiaries
or affiliates.

administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
JaredsJazz@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
tshinder@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist


Other related posts: