Re: Scheduling NTBackup to mapped drive

  • From: "Tony Anderson" <tandersn@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 6 Aug 2004 13:13:43 -0700

Jared, from the tone of your statements it sounds like you are the one who
is a "new admin" and "younger". You sound like some punk on a warez list
"windoz rulez, linux suks!@" without any foundations for your arguments. How
is it more secure to lock it vs loggin off? Answer the F#$@ing question?

I work in the "Paul G Allen center for computer science", I live in Seattle,
many of our faculty members work at MS, and many of my friends do too. None
of them have ever said that it was policy to 'leave all servers locked'. Yes
you must eaither LOCK or LOG OFF, obviously you can't leave on logged on.

I am definately not a new admin, I have been doing this for 13 years. Your
comments are unfounded, and unsupported. Any idiot knows that an
administrator can unlock a locked computer. Any idiot knows that guest and
even regular user accounts can't log on to a server locally.

What kind of exchange admin has a @yahoo account anyway?

Tony Anderson
UW CSE



----- Original Message ----- 
From: "Jared Johnson" <jaredsjazz@xxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Sent: Friday, August 06, 2004 12:46 PM
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive


> http://www.MSExchange.org/
>
> Easy and expected replies to all.
>
> You just missed the point, as all new admins do.
>
> The point is: It's obviously LESS secure leaving the
> computer logged off, than actually locking it.
>
> I mean, DUH
>
> --- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx> wrote:
>
> > http://www.MSExchange.org/
> >
> > Security documents might say "lock your computer
> > when you leave"
> > but they mean that as opposed to leaving it logged
> > on. (not opposed to
> > logging off)
> >
> > Your statements are incorrect:
> > If you say that locking the computer prevents
> > someone from logging on as
> > 'Administrator' (presuming it wasn't renamed), that
> > is wrong. An
> > administrator could unlock a locked computer. A
> > 'GUEST' could not log into a
> > server locally anyway, against local policy. Same
> > with Aspnet, or IIS
> > accounts, they aren't allowed to log on locally. (by
> > default!)
> >
> > Besides, if you have a hacker in your server room,
> > he wouldn't need to log
> > on, he could boot with a bartPE CD or a Linux boot
> > floppy (to change the
> > admin password
> > http://home.eunet.no/~pnordahl/ntpasswd/) and change
> > the
> > admin password or do whatever he wanted. AND EVEN IF
> > your server happens to
> > be a domain controller, you can still change the
> > local admin password and
> > boot up in 'active directory recovery mode' and use
> > the local password.
> >
> > Tony
> >
> > > Think about it: WHY would you give a hacker more
> > > opportunities to log in to various known accounts,
> > > i.e., GUEST (because of these newbies don't
> > disable
> > > that account), the Administrator (because newbies
> > > don't rename the account), or having the server
> > power
> > > off because of the power profile isn't loaded when
> > > logged out (unless changed, but newbies don't),
> > the
> > > IIS accounts, the ASPNet accounts, etc. etc.
> > That's
> > > just ridiculous to give hackers that easy
> > opportunity.
> > >
> > > I just did a google search and quickly found a
> > "Five
> > > Security Steps.." by Microsoft. One of them
> > mentioned,
> > > "locking your computer..."
> > >
> > > Google it, go to support.microsoft.com, to
> > dogpile,
> > > your local professional IT Auditor. You'll find
> > more
> > > information on it that you'll want to.
> > >
> > > --- Mark Fugatt <mark@xxxxxxxxx> wrote:
> > >
> > > > http://www.MSExchange.org/
> > > >
> > > > Yes, I would like you to provide me with one
> > link
> > > > that mentions that locking
> > > > is more secure than logging out.
> > > >
> > > > What was the very first Windows 2000 admin book
> > ever
> > > > written?, and I will see
> > > > if I can find reference to it in there.
> > > >
> > > > On Fri, 6 Aug 2004 08:14:21 -0700 (PDT), Jared
> > > > Johnson wrote
> > > > > http://www.MSExchange.org/
> > > > >
> > > > > Read the posts again. Do your search on
> > dogpile,
> > > > read
> > > > > your beginning admin books. The proof is
> > > > everywhere.
> > > > > It's just plain common sense.
> > > > >
> > > > > You really want ME to do your research FOR
> > YOU? Am
> > > > I
> > > > > your personal secretary dog? Dont' think so.
> > Read
> > > > the
> > > > > very first Windows 2000 admin book ever
> > written,
> > > > and
> > > > > you'll see. Basics my friend.
> > > > >
> > > > > --- "Michael B. Smith" <michael@xxxxxxxxxx>
> > wrote:
> > > > >
> > > > > > http://www.MSExchange.org/
> > > > > >
> > > > > > Have you yet answered ANYONE as to why?
> > > > > >
> > > > > > Or provided a reference? Either Microsoft or
> > > > FIPS?
> > > > > > Or anything else for
> > > > > > that matter?
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Jared Johnson
> > > > [mailto:jaredsjazz@xxxxxxxxx]
> > > > > > Sent: Friday, August 06, 2004 10:58 AM
> > > > > > To: [ExchangeList]
> > > > > > Subject: [exchangelist] Re: Scheduling
> > NTBackup
> > > > to
> > > > > > mapped drive
> > > > > >
> > > > > > http://www.MSExchange.org/
> > > > > >
> > > > > > We do the same. Until some provides written
> > > > > > > documentation from
> > > > > > > Microsoft or a security company
> > technically
> > > > > > endorsed by Microsoft, I
> > > > > > > will continue to Log off my servers when I
> > am
> > > > > > finished my task.>>
> > > > > >
> > > > > >
> > > > > > All beginning admins do. It's not until
> > you're
> > > > in
> > > > > > the big leagues that
> > > > > > you realize why you should lock your boxes.
> > > > > >
> > > > > >
> > > > > > --- Danny <nocmonkey@xxxxxxxxx> wrote:
> > > > > >
> > > > > > > http://www.MSExchange.org/
> > > > > > >
> > > > > > > On Fri, 06 Aug 2004 09:50:17 +0100, Duke
> > > > > > <duke@xxxxxxxxxxxxxxxx>
> > > > > > > wrote:
> > > > > > > > http://www.MSExchange.org/
> > > > > > > >
> > > > > > > > Morning, Afternoon, Evenin All.
> > > > > > >
> > > > > > > Good morning, Duke and all.
> > > > > > >
> > > > > > > > Has Danny's original question been
> > answered?
> > > > > > >
> > > > > > > I am not sure, as I have had several
> > different
> > > > > > responses. My goal is
> > > > > > > to not have anyone logged in, and two
> > backup
> > > > jobs
> > > > > > to run in the
> > > > > > > background. Both jobs will save the backup
> > to
> > > > a
> > > > > > remote Windows 2000
> > > > > > > server. Job #1 will backup the Information
> > > > Store,
> > > > > > Job #2 will backup
> > > > > > > the System State.
> > > > > > >
> > > > > > > > Forgetting the rhetorics, Danny have you
> > > > gotten
> > > > > > > the solution to the problem?
> > > > > > >
> > > > > > > No.
> > > > > > >
> > > > > > > > Locking or logging out depends very much
> > on
> > > > the
> > > > > > > environment within which
> > > > > > > > you are operating. Here, we mostly lock
> > when
> > > > > > > running a task and log out
> > > > > > > > otherwise. There is no one clear right
> > way.
> > > > > > >
> > > > > > > We do the same. Until some provides
> > written
> > > > > > documentation from
> > > > > > > Microsoft or a security company
> > technically
> > > > > > endorsed by Microsoft, I
> > > > > > > will continue to Log off my servers when I
> > am
> > > > > > finished my task.
> > > > > > >
> > > > > > > Kind Regards,
> > > > > > >
> > > > > > > ...D
> >
> === message truncated ===
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - 50x more storage than other providers!
> http://promotions.yahoo.com/new_mail
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
tandersn@xxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 08-2004