Re: Scheduling NTBackup to mapped drive
- From: "Andy David" <adavid@xxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Sat, 7 Aug 2004 10:11:15 -0400
You still havent provided any documentation to back your claims that this is
more secure than simply logging out or answered how this will protect
against remote access.
Mark is a friend of mine. He is one of the nicest, funniest, sharpest guys I
know. You, Sir, are no Mark Fugatt.
-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Friday, August 06, 2004 11:41 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive
http://www.MSExchange.org/
Mark, I met you and liked you too, but you're coming across as a HUGE ass
yourself here. My "arrogance" is only surpassed by yours. You're losing my
respect.
Answers to your odd responses:
A: My gosh, everyone, even newbie's in here, knows the Guest account is
disabled by default. But it's ENABLED by newbie's. I mean, really, you don't
think admins out there enable that account? They do all the time all over
the place.
B: WRONG. You mean a Domain Controllers, NOT a server. I have 110 Windows
servers. I have only 10 domain controllers. That means 100 servers can be
logged onto (be default) anyone in the "domain users" group. Mark, I'm
surprised you missed the obvious here. And let's not even TALK About
non-domain member servers. And again, let's forget about GPO's. If you stick
a server (non-domain controller) that is a member a domain in the "domain
controllers" OU, then only Domain Admins can log in. That bit of expertise
will cost you $100.00.
C: I already explained that. Didn't you read my previous posts? Not to
mention, 80 of my servers can't be powered off WITHOUT A KEY, (like ALL
servers should be.) Also, look at the post AFTER this. How about the patch
installs and reboots?
I'm getting tired of being right.
-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Friday, August 06, 2004 7:35 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive
http://www.MSExchange.org/
OK, OK, this is the plan, let move this to another location, and I will
invite some folks from Microsoft Trustworthy Computing and a number of
security experts who do not participate in this list to contribute as it
would appear we all have different opinions, the location can be a) the
Microsoft Public Security Newsgroup or I have no problem hosting a newsgroup
for the discussion.
Jared, I have met you, I really like you and like many others here value
your contribution, but you are coming across as an arrogant, childish,
prick, you have not provided any authorative statement backing up your
comments, if you make a statement and get challenged on it then you should
provide supporting evidence not just respond with "why should I find it for
you", step up to the plate Jared and prove us all wrong, we are all wrong
sometime.
So, to correct you on some point:
A) the Guest account is disabled by default
B) Only members of the admin group can log in locally to a server and that's
the default
C) If you lock a workstation, anyone can unlock it by powering off and on,
same applied to screen saver passwords, so what the difference with this
compared to logging out?
-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Friday, August 06, 2004 4:21 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive
http://www.MSExchange.org/
Children, be nice. I feel like your daddy here youngster.
You come across as a newbie, but that'd doesn't mean you are. It's just that
your statements are in beginner mode.
Of course one can't log onto a server under "Guest."
My 15 year daughter knows that. I'm talking Servers AND
workstations/laptops. Or do you ONLY believe that security is at the server
level?? Again, a newbie assumption. My daughter also knows ANY admin can
unlock a locked computer. So, again, what's your point?? If you leave it
logged off, then it can be logged in by ANYONE on the domain if the GPO
isn't set exactly correct. If it's locked by an admin, then ONLY and admin
can unlock it.
Again, this is basics here Mr. 13 years of experience, (experience in
desktop support??)
--- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
>
> Jared, from the tone of your statements it sounds like you are the one
> who is a "new admin" and "younger". You sound like some punk on a
> warez list "windoz rulez, linux suks!@" without any foundations for
> your arguments. How is it more secure to lock it vs loggin off? Answer
> the F#$@ing question?
>
> I work in the "Paul G Allen center for computer science", I live in
> Seattle, many of our faculty members work at MS, and many of my
> friends do too. None of them have ever said that it was policy to
> 'leave all servers locked'. Yes you must eaither LOCK or LOG OFF,
> obviously you can't leave on logged on.
>
> I am definately not a new admin, I have been doing this for 13 years.
> Your comments are unfounded, and unsupported. Any idiot knows that an
> administrator can unlock a locked computer. Any idiot knows that guest
> and even regular user accounts can't log on to a server locally.
>
> What kind of exchange admin has a @yahoo account anyway?
>
> Tony Anderson
> UW CSE
>
>
>
> ----- Original Message -----
> From: "Jared Johnson" <jaredsjazz@xxxxxxxxx>
> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
> Sent: Friday, August 06, 2004 12:46 PM
> Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive
>
>
> > http://www.MSExchange.org/
> >
> > Easy and expected replies to all.
> >
> > You just missed the point, as all new admins do.
> >
> > The point is: It's obviously LESS secure leaving
> the
> > computer logged off, than actually locking it.
> >
> > I mean, DUH
> >
> > --- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx>
> wrote:
> >
> > > http://www.MSExchange.org/
> > >
> > > Security documents might say "lock your computer when you leave"
> > > but they mean that as opposed to leaving it
> logged
> > > on. (not opposed to
> > > logging off)
> > >
> > > Your statements are incorrect:
> > > If you say that locking the computer prevents someone from logging
> > > on as 'Administrator' (presuming it wasn't renamed),
> that
> > > is wrong. An
> > > administrator could unlock a locked computer. A 'GUEST' could not
> > > log into a server locally anyway, against local policy.
> Same
> > > with Aspnet, or IIS
> > > accounts, they aren't allowed to log on locally.
> (by
> > > default!)
> > >
> > > Besides, if you have a hacker in your server
> room,
> > > he wouldn't need to log
> > > on, he could boot with a bartPE CD or a Linux
> boot
> > > floppy (to change the
> > > admin password
> > > http://home.eunet.no/~pnordahl/ntpasswd/) and
> change
> > > the
> > > admin password or do whatever he wanted. AND
> EVEN IF
> > > your server happens to
> > > be a domain controller, you can still change the local admin
> > > password and boot up in 'active directory recovery mode' and
> use
> > > the local password.
> > >
> > > Tony
> > >
> > > > Think about it: WHY would you give a hacker
> more
> > > > opportunities to log in to various known
> accounts,
> > > > i.e., GUEST (because of these newbies don't
> > > disable
> > > > that account), the Administrator (because
> newbies
> > > > don't rename the account), or having the
> server
> > > power
> > > > off because of the power profile isn't loaded
> when
> > > > logged out (unless changed, but newbies
> don't),
> > > the
> > > > IIS accounts, the ASPNet accounts, etc. etc.
> > > That's
> > > > just ridiculous to give hackers that easy
> > > opportunity.
> > > >
> > > > I just did a google search and quickly found a
> > > "Five
> > > > Security Steps.." by Microsoft. One of them
> > > mentioned,
> > > > "locking your computer..."
> > > >
> > > > Google it, go to support.microsoft.com, to
> > > dogpile,
> > > > your local professional IT Auditor. You'll
> find
> > > more
> > > > information on it that you'll want to.
> > > >
> > > > --- Mark Fugatt <mark@xxxxxxxxx> wrote:
> > > >
> > > > > http://www.MSExchange.org/
> > > > >
> > > > > Yes, I would like you to provide me with one
> > > link
> > > > > that mentions that locking
> > > > > is more secure than logging out.
> > > > >
> > > > > What was the very first Windows 2000 admin
> book
> > > ever
> > > > > written?, and I will see
> > > > > if I can find reference to it in there.
> > > > >
> > > > > On Fri, 6 Aug 2004 08:14:21 -0700 (PDT),
> Jared
> > > > > Johnson wrote
> > > > > > http://www.MSExchange.org/
> > > > > >
> > > > > > Read the posts again. Do your search on
> > > dogpile,
> > > > > read
> > > > > > your beginning admin books. The proof is
> > > > > everywhere.
> > > > > > It's just plain common sense.
> > > > > >
> > > > > > You really want ME to do your research FOR
> > > YOU? Am
> > > > > I
> > > > > > your personal secretary dog? Dont' think
> so.
> > > Read
> > > > > the
> > > > > > very first Windows 2000 admin book ever
> > > written,
> > > > > and
> > > > > > you'll see. Basics my friend.
> > > > > >
> > > > > > --- "Michael B. Smith"
> <michael@xxxxxxxxxx>
> > > wrote:
> > > > > >
> > > > > > > http://www.MSExchange.org/
> > > > > > >
> > > > > > > Have you yet answered ANYONE as to why?
> > > > > > >
> > > > > > > Or provided a reference? Either
> Microsoft or
> > > > > FIPS?
> > > > > > > Or anything else for
> > > > > > > that matter?
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Jared Johnson
> > > > > [mailto:jaredsjazz@xxxxxxxxx]
> > > > > > > Sent: Friday, August 06, 2004 10:58 AM
> > > > > > > To: [ExchangeList]
> > > > > > > Subject: [exchangelist] Re: Scheduling
> > > NTBackup
> > > > > to
> > > > > > > mapped drive
>
=== message truncated ===
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
mark@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
JaredsJazz@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
adavid@xxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Other related posts:
