Security documents might say "lock your computer when you leave" but they mean that as opposed to leaving it logged on. (not opposed to logging off) Your statements are incorrect: If you say that locking the computer prevents someone from logging on as 'Administrator' (presuming it wasn't renamed), that is wrong. An administrator could unlock a locked computer. A 'GUEST' could not log into a server locally anyway, against local policy. Same with Aspnet, or IIS accounts, they aren't allowed to log on locally. (by default!) Besides, if you have a hacker in your server room, he wouldn't need to log on, he could boot with a bartPE CD or a Linux boot floppy (to change the admin password http://home.eunet.no/~pnordahl/ntpasswd/) and change the admin password or do whatever he wanted. AND EVEN IF your server happens to be a domain controller, you can still change the local admin password and boot up in 'active directory recovery mode' and use the local password. Tony > Think about it: WHY would you give a hacker more > opportunities to log in to various known accounts, > i.e., GUEST (because of these newbies don't disable > that account), the Administrator (because newbies > don't rename the account), or having the server power > off because of the power profile isn't loaded when > logged out (unless changed, but newbies don't), the > IIS accounts, the ASPNet accounts, etc. etc. That's > just ridiculous to give hackers that easy opportunity. > > I just did a google search and quickly found a "Five > Security Steps.." by Microsoft. One of them mentioned, > "locking your computer..." > > Google it, go to support.microsoft.com, to dogpile, > your local professional IT Auditor. You'll find more > information on it that you'll want to. > > --- Mark Fugatt <mark@xxxxxxxxx> wrote: > > > http://www.MSExchange.org/ > > > > Yes, I would like you to provide me with one link > > that mentions that locking > > is more secure than logging out. > > > > What was the very first Windows 2000 admin book ever > > written?, and I will see > > if I can find reference to it in there. > > > > On Fri, 6 Aug 2004 08:14:21 -0700 (PDT), Jared > > Johnson wrote > > > http://www.MSExchange.org/ > > > > > > Read the posts again. Do your search on dogpile, > > read > > > your beginning admin books. The proof is > > everywhere. > > > It's just plain common sense. > > > > > > You really want ME to do your research FOR YOU? Am > > I > > > your personal secretary dog? Dont' think so. Read > > the > > > very first Windows 2000 admin book ever written, > > and > > > you'll see. Basics my friend. > > > > > > --- "Michael B. Smith" <michael@xxxxxxxxxx> wrote: > > > > > > > http://www.MSExchange.org/ > > > > > > > > Have you yet answered ANYONE as to why? > > > > > > > > Or provided a reference? Either Microsoft or > > FIPS? > > > > Or anything else for > > > > that matter? > > > > > > > > -----Original Message----- > > > > From: Jared Johnson > > [mailto:jaredsjazz@xxxxxxxxx] > > > > Sent: Friday, August 06, 2004 10:58 AM > > > > To: [ExchangeList] > > > > Subject: [exchangelist] Re: Scheduling NTBackup > > to > > > > mapped drive > > > > > > > > http://www.MSExchange.org/ > > > > > > > > We do the same. Until some provides written > > > > > documentation from > > > > > Microsoft or a security company technically > > > > endorsed by Microsoft, I > > > > > will continue to Log off my servers when I am > > > > finished my task.>> > > > > > > > > > > > > All beginning admins do. It's not until you're > > in > > > > the big leagues that > > > > you realize why you should lock your boxes. > > > > > > > > > > > > --- Danny <nocmonkey@xxxxxxxxx> wrote: > > > > > > > > > http://www.MSExchange.org/ > > > > > > > > > > On Fri, 06 Aug 2004 09:50:17 +0100, Duke > > > > <duke@xxxxxxxxxxxxxxxx> > > > > > wrote: > > > > > > http://www.MSExchange.org/ > > > > > > > > > > > > Morning, Afternoon, Evenin All. > > > > > > > > > > Good morning, Duke and all. > > > > > > > > > > > Has Danny's original question been answered? > > > > > > > > > > I am not sure, as I have had several different > > > > responses. My goal is > > > > > to not have anyone logged in, and two backup > > jobs > > > > to run in the > > > > > background. Both jobs will save the backup to > > a > > > > remote Windows 2000 > > > > > server. Job #1 will backup the Information > > Store, > > > > Job #2 will backup > > > > > the System State. > > > > > > > > > > > Forgetting the rhetorics, Danny have you > > gotten > > > > > the solution to the problem? > > > > > > > > > > No. > > > > > > > > > > > Locking or logging out depends very much on > > the > > > > > environment within which > > > > > > you are operating. Here, we mostly lock when > > > > > running a task and log out > > > > > > otherwise. There is no one clear right way. > > > > > > > > > > We do the same. Until some provides written > > > > documentation from > > > > > Microsoft or a security company technically > > > > endorsed by Microsoft, I > > > > > will continue to Log off my servers when I am > > > > finished my task. > > > > > > > > > > Kind Regards, > > > > > > > > > > ...D > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > > > > > > > > > > > > > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > > > Exchange Newsletters: > > > > > http://www.msexchange.org/pages/newsletter.asp > > > > > Exchange FAQ: > > > > > > > > > > > > > > > http://www.msexchange.org/pages/larticle.asp?type=FAQ > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > Other Internet Software Marketing Sites: > > > > > World of Windows Networking: > > > > > http://www.windowsnetworking.com > > > > > Leading Network Software Directory: > > > > > http://www.serverfiles.com > > > > > No.1 ISA Server Resource Site: > > > > > http://www.isaserver.org > > > > > Windows Security Resource Site: > > > > > http://www.windowsecurity.com/ > > > > > Network Security Library: > > http://www.secinf.net/ > > > > Windows 2000/NT Fax > > > > > Solutions: > > > > > http://www.ntfaxfaq.com > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this > > > > MSEXchange.org Discussion List > > > > > as: JaredsJazz@xxxxxxxxx To unsubscribe visit > > > > > > > > > > > > > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > > > > > > > > > > > > > > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Tired of spam? Yahoo! Mail has the best spam > > > > protection around > > > > http://mail.yahoo.com > > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > > > > > > > > > > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > > Exchange Newsletters: > > > > http://www.msexchange.org/pages/newsletter.asp > > > > Exchange FAQ: > > > > > > > > > > http://www.msexchange.org/pages/larticle.asp?type=FAQ > > > > > > > > > > ------------------------------------------------------ > > > > Other Internet Software Marketing Sites: > > > > World of Windows Networking: > > > > http://www.windowsnetworking.com Leading > > > > Network Software Directory: > > > > http://www.serverfiles.com > > > > No.1 ISA Server Resource Site: > > > > http://www.isaserver.org Windows Security > > > > Resource Site: http://www.windowsecurity.com/ > > > > Network Security Library: > > > > http://www.secinf.net/ Windows 2000/NT Fax > > > > Solutions: > > > > http://www.ntfaxfaq.com > > > > > > > > > > ------------------------------------------------------ > > > === message truncated === > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: tandersn@xxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >