Re: Scheduling NTBackup to mapped drive
- From: Jared Johnson <jaredsjazz@xxxxxxxxx>
- To: "\[ExchangeList\]" <exchangelist@xxxxxxxxxxxxx>
- Date: Fri, 6 Aug 2004 13:20:35 -0700 (PDT)
Children, be nice. I feel like your daddy here
youngster.
You come across as a newbie, but that'd doesn't mean
you are. It's just that your statements are in
beginner mode.
Of course one can't log onto a server under "Guest."
My 15 year daughter knows that. I'm talking Servers
AND workstations/laptops. Or do you ONLY believe that
security is at the server level?? Again, a newbie
assumption. My daughter also knows ANY admin can
unlock a locked computer. So, again, what's your
point?? If you leave it logged off, then it can be
logged in by ANYONE on the domain if the GPO isn't set
exactly correct. If it's locked by an admin, then ONLY
and admin can unlock it.
Again, this is basics here Mr. 13 years of experience,
(experience in desktop support??)
--- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
>
> Jared, from the tone of your statements it sounds
> like you are the one who
> is a "new admin" and "younger". You sound like some
> punk on a warez list
> "windoz rulez, linux suks!@" without any foundations
> for your arguments. How
> is it more secure to lock it vs loggin off? Answer
> the F#$@ing question?
>
> I work in the "Paul G Allen center for computer
> science", I live in Seattle,
> many of our faculty members work at MS, and many of
> my friends do too. None
> of them have ever said that it was policy to 'leave
> all servers locked'. Yes
> you must eaither LOCK or LOG OFF, obviously you
> can't leave on logged on.
>
> I am definately not a new admin, I have been doing
> this for 13 years. Your
> comments are unfounded, and unsupported. Any idiot
> knows that an
> administrator can unlock a locked computer. Any
> idiot knows that guest and
> even regular user accounts can't log on to a server
> locally.
>
> What kind of exchange admin has a @yahoo account
> anyway?
>
> Tony Anderson
> UW CSE
>
>
>
> ----- Original Message -----
> From: "Jared Johnson" <jaredsjazz@xxxxxxxxx>
> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
> Sent: Friday, August 06, 2004 12:46 PM
> Subject: [exchangelist] Re: Scheduling NTBackup to
> mapped drive
>
>
> > http://www.MSExchange.org/
> >
> > Easy and expected replies to all.
> >
> > You just missed the point, as all new admins do.
> >
> > The point is: It's obviously LESS secure leaving
> the
> > computer logged off, than actually locking it.
> >
> > I mean, DUH
> >
> > --- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx>
> wrote:
> >
> > > http://www.MSExchange.org/
> > >
> > > Security documents might say "lock your computer
> > > when you leave"
> > > but they mean that as opposed to leaving it
> logged
> > > on. (not opposed to
> > > logging off)
> > >
> > > Your statements are incorrect:
> > > If you say that locking the computer prevents
> > > someone from logging on as
> > > 'Administrator' (presuming it wasn't renamed),
> that
> > > is wrong. An
> > > administrator could unlock a locked computer. A
> > > 'GUEST' could not log into a
> > > server locally anyway, against local policy.
> Same
> > > with Aspnet, or IIS
> > > accounts, they aren't allowed to log on locally.
> (by
> > > default!)
> > >
> > > Besides, if you have a hacker in your server
> room,
> > > he wouldn't need to log
> > > on, he could boot with a bartPE CD or a Linux
> boot
> > > floppy (to change the
> > > admin password
> > > http://home.eunet.no/~pnordahl/ntpasswd/) and
> change
> > > the
> > > admin password or do whatever he wanted. AND
> EVEN IF
> > > your server happens to
> > > be a domain controller, you can still change the
> > > local admin password and
> > > boot up in 'active directory recovery mode' and
> use
> > > the local password.
> > >
> > > Tony
> > >
> > > > Think about it: WHY would you give a hacker
> more
> > > > opportunities to log in to various known
> accounts,
> > > > i.e., GUEST (because of these newbies don't
> > > disable
> > > > that account), the Administrator (because
> newbies
> > > > don't rename the account), or having the
> server
> > > power
> > > > off because of the power profile isn't loaded
> when
> > > > logged out (unless changed, but newbies
> don't),
> > > the
> > > > IIS accounts, the ASPNet accounts, etc. etc.
> > > That's
> > > > just ridiculous to give hackers that easy
> > > opportunity.
> > > >
> > > > I just did a google search and quickly found a
> > > "Five
> > > > Security Steps.." by Microsoft. One of them
> > > mentioned,
> > > > "locking your computer..."
> > > >
> > > > Google it, go to support.microsoft.com, to
> > > dogpile,
> > > > your local professional IT Auditor. You'll
> find
> > > more
> > > > information on it that you'll want to.
> > > >
> > > > --- Mark Fugatt <mark@xxxxxxxxx> wrote:
> > > >
> > > > > http://www.MSExchange.org/
> > > > >
> > > > > Yes, I would like you to provide me with one
> > > link
> > > > > that mentions that locking
> > > > > is more secure than logging out.
> > > > >
> > > > > What was the very first Windows 2000 admin
> book
> > > ever
> > > > > written?, and I will see
> > > > > if I can find reference to it in there.
> > > > >
> > > > > On Fri, 6 Aug 2004 08:14:21 -0700 (PDT),
> Jared
> > > > > Johnson wrote
> > > > > > http://www.MSExchange.org/
> > > > > >
> > > > > > Read the posts again. Do your search on
> > > dogpile,
> > > > > read
> > > > > > your beginning admin books. The proof is
> > > > > everywhere.
> > > > > > It's just plain common sense.
> > > > > >
> > > > > > You really want ME to do your research FOR
> > > YOU? Am
> > > > > I
> > > > > > your personal secretary dog? Dont' think
> so.
> > > Read
> > > > > the
> > > > > > very first Windows 2000 admin book ever
> > > written,
> > > > > and
> > > > > > you'll see. Basics my friend.
> > > > > >
> > > > > > --- "Michael B. Smith"
> <michael@xxxxxxxxxx>
> > > wrote:
> > > > > >
> > > > > > > http://www.MSExchange.org/
> > > > > > >
> > > > > > > Have you yet answered ANYONE as to why?
> > > > > > >
> > > > > > > Or provided a reference? Either
> Microsoft or
> > > > > FIPS?
> > > > > > > Or anything else for
> > > > > > > that matter?
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Jared Johnson
> > > > > [mailto:jaredsjazz@xxxxxxxxx]
> > > > > > > Sent: Friday, August 06, 2004 10:58 AM
> > > > > > > To: [ExchangeList]
> > > > > > > Subject: [exchangelist] Re: Scheduling
> > > NTBackup
> > > > > to
> > > > > > > mapped drive
>
=== message truncated ===
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
Other related posts:
