Re: Scheduling NTBackup to mapped drive
- From: Jared Johnson <jaredsjazz@xxxxxxxxx>
- To: "\[ExchangeList\]" <exchangelist@xxxxxxxxxxxxx>
- Date: Fri, 6 Aug 2004 12:46:53 -0700 (PDT)
Easy and expected replies to all.
You just missed the point, as all new admins do.
The point is: It's obviously LESS secure leaving the
computer logged off, than actually locking it.
I mean, DUH
--- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
>
> Security documents might say "lock your computer
> when you leave"
> but they mean that as opposed to leaving it logged
> on. (not opposed to
> logging off)
>
> Your statements are incorrect:
> If you say that locking the computer prevents
> someone from logging on as
> 'Administrator' (presuming it wasn't renamed), that
> is wrong. An
> administrator could unlock a locked computer. A
> 'GUEST' could not log into a
> server locally anyway, against local policy. Same
> with Aspnet, or IIS
> accounts, they aren't allowed to log on locally. (by
> default!)
>
> Besides, if you have a hacker in your server room,
> he wouldn't need to log
> on, he could boot with a bartPE CD or a Linux boot
> floppy (to change the
> admin password
> http://home.eunet.no/~pnordahl/ntpasswd/) and change
> the
> admin password or do whatever he wanted. AND EVEN IF
> your server happens to
> be a domain controller, you can still change the
> local admin password and
> boot up in 'active directory recovery mode' and use
> the local password.
>
> Tony
>
> > Think about it: WHY would you give a hacker more
> > opportunities to log in to various known accounts,
> > i.e., GUEST (because of these newbies don't
> disable
> > that account), the Administrator (because newbies
> > don't rename the account), or having the server
> power
> > off because of the power profile isn't loaded when
> > logged out (unless changed, but newbies don't),
> the
> > IIS accounts, the ASPNet accounts, etc. etc.
> That's
> > just ridiculous to give hackers that easy
> opportunity.
> >
> > I just did a google search and quickly found a
> "Five
> > Security Steps.." by Microsoft. One of them
> mentioned,
> > "locking your computer..."
> >
> > Google it, go to support.microsoft.com, to
> dogpile,
> > your local professional IT Auditor. You'll find
> more
> > information on it that you'll want to.
> >
> > --- Mark Fugatt <mark@xxxxxxxxx> wrote:
> >
> > > http://www.MSExchange.org/
> > >
> > > Yes, I would like you to provide me with one
> link
> > > that mentions that locking
> > > is more secure than logging out.
> > >
> > > What was the very first Windows 2000 admin book
> ever
> > > written?, and I will see
> > > if I can find reference to it in there.
> > >
> > > On Fri, 6 Aug 2004 08:14:21 -0700 (PDT), Jared
> > > Johnson wrote
> > > > http://www.MSExchange.org/
> > > >
> > > > Read the posts again. Do your search on
> dogpile,
> > > read
> > > > your beginning admin books. The proof is
> > > everywhere.
> > > > It's just plain common sense.
> > > >
> > > > You really want ME to do your research FOR
> YOU? Am
> > > I
> > > > your personal secretary dog? Dont' think so.
> Read
> > > the
> > > > very first Windows 2000 admin book ever
> written,
> > > and
> > > > you'll see. Basics my friend.
> > > >
> > > > --- "Michael B. Smith" <michael@xxxxxxxxxx>
> wrote:
> > > >
> > > > > http://www.MSExchange.org/
> > > > >
> > > > > Have you yet answered ANYONE as to why?
> > > > >
> > > > > Or provided a reference? Either Microsoft or
> > > FIPS?
> > > > > Or anything else for
> > > > > that matter?
> > > > >
> > > > > -----Original Message-----
> > > > > From: Jared Johnson
> > > [mailto:jaredsjazz@xxxxxxxxx]
> > > > > Sent: Friday, August 06, 2004 10:58 AM
> > > > > To: [ExchangeList]
> > > > > Subject: [exchangelist] Re: Scheduling
> NTBackup
> > > to
> > > > > mapped drive
> > > > >
> > > > > http://www.MSExchange.org/
> > > > >
> > > > > We do the same. Until some provides written
> > > > > > documentation from
> > > > > > Microsoft or a security company
> technically
> > > > > endorsed by Microsoft, I
> > > > > > will continue to Log off my servers when I
> am
> > > > > finished my task.>>
> > > > >
> > > > >
> > > > > All beginning admins do. It's not until
> you're
> > > in
> > > > > the big leagues that
> > > > > you realize why you should lock your boxes.
> > > > >
> > > > >
> > > > > --- Danny <nocmonkey@xxxxxxxxx> wrote:
> > > > >
> > > > > > http://www.MSExchange.org/
> > > > > >
> > > > > > On Fri, 06 Aug 2004 09:50:17 +0100, Duke
> > > > > <duke@xxxxxxxxxxxxxxxx>
> > > > > > wrote:
> > > > > > > http://www.MSExchange.org/
> > > > > > >
> > > > > > > Morning, Afternoon, Evenin All.
> > > > > >
> > > > > > Good morning, Duke and all.
> > > > > >
> > > > > > > Has Danny's original question been
> answered?
> > > > > >
> > > > > > I am not sure, as I have had several
> different
> > > > > responses. My goal is
> > > > > > to not have anyone logged in, and two
> backup
> > > jobs
> > > > > to run in the
> > > > > > background. Both jobs will save the backup
> to
> > > a
> > > > > remote Windows 2000
> > > > > > server. Job #1 will backup the Information
> > > Store,
> > > > > Job #2 will backup
> > > > > > the System State.
> > > > > >
> > > > > > > Forgetting the rhetorics, Danny have you
> > > gotten
> > > > > > the solution to the problem?
> > > > > >
> > > > > > No.
> > > > > >
> > > > > > > Locking or logging out depends very much
> on
> > > the
> > > > > > environment within which
> > > > > > > you are operating. Here, we mostly lock
> when
> > > > > > running a task and log out
> > > > > > > otherwise. There is no one clear right
> way.
> > > > > >
> > > > > > We do the same. Until some provides
> written
> > > > > documentation from
> > > > > > Microsoft or a security company
> technically
> > > > > endorsed by Microsoft, I
> > > > > > will continue to Log off my servers when I
> am
> > > > > finished my task.
> > > > > >
> > > > > > Kind Regards,
> > > > > >
> > > > > > ...D
>
=== message truncated ===
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
Other related posts:
