Re: Scheduling NTBackup to mapped drive

• From: "Tony Anderson" <tandersn@xxxxxxxxxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Fri, 6 Aug 2004 12:39:58 -0700

Security documents might say "lock your computer when you leave"
but they mean that as opposed to leaving it logged on. (not opposed to
logging off)

Your statements are incorrect:
If you say that locking the computer prevents someone from logging on as
'Administrator' (presuming it wasn't renamed), that is wrong. An
administrator could unlock a locked computer. A 'GUEST' could not log into a
server locally anyway, against local policy. Same with Aspnet, or IIS
accounts, they aren't allowed to log on locally. (by default!)

Besides, if you have a hacker in your server room, he wouldn't need to log
on, he could boot with a bartPE CD or a Linux boot floppy (to change the
admin password http://home.eunet.no/~pnordahl/ntpasswd/) and change the
admin password or do whatever he wanted. AND EVEN IF your server happens to
be a domain controller, you can still change the local admin password and
boot up in 'active directory recovery mode' and use the local password.

Tony

> Think about it: WHY would you give a hacker more
> opportunities to log in to various known accounts,
> i.e., GUEST (because of these newbies don't disable
> that account), the Administrator (because newbies
> don't rename the account), or having the server power
> off because of the power profile isn't loaded when
> logged out (unless changed, but newbies don't), the
> IIS accounts, the ASPNet accounts, etc. etc. That's
> just ridiculous to give hackers that easy opportunity.
>
> I just did a google search and quickly found a "Five
> Security Steps.." by Microsoft. One of them mentioned,
> "locking your computer..."
>
> Google it, go to support.microsoft.com, to dogpile,
> your local professional IT Auditor. You'll find more
> information on it that you'll want to.
>
> --- Mark Fugatt <mark@xxxxxxxxx> wrote:
>
> > http://www.MSExchange.org/
> >
> > Yes, I would like you to provide me with one link
> > that mentions that locking
> > is more secure than logging out.
> >
> > What was the very first Windows 2000 admin book ever
> > written?, and I will see
> > if I can find reference to it in there.
> >
> > On Fri, 6 Aug 2004 08:14:21 -0700 (PDT), Jared
> > Johnson wrote
> > > http://www.MSExchange.org/
> > >
> > > Read the posts again. Do your search on dogpile,
> > read
> > > your beginning admin books. The proof is
> > everywhere.
> > > It's just plain common sense.
> > >
> > > You really want ME to do your research FOR YOU? Am
> > I
> > > your personal secretary dog? Dont' think so. Read
> > the
> > > very first Windows 2000 admin book ever written,
> > and
> > > you'll see. Basics my friend.
> > >
> > > --- "Michael B. Smith" <michael@xxxxxxxxxx> wrote:
> > >
> > > > http://www.MSExchange.org/
> > > >
> > > > Have you yet answered ANYONE as to why?
> > > >
> > > > Or provided a reference? Either Microsoft or
> > FIPS?
> > > > Or anything else for
> > > > that matter?
> > > >
> > > > -----Original Message-----
> > > > From: Jared Johnson
> > [mailto:jaredsjazz@xxxxxxxxx]
> > > > Sent: Friday, August 06, 2004 10:58 AM
> > > > To: [ExchangeList]
> > > > Subject: [exchangelist] Re: Scheduling NTBackup
> > to
> > > > mapped drive
> > > >
> > > > http://www.MSExchange.org/
> > > >
> > > > We do the same. Until some provides written
> > > > > documentation from
> > > > > Microsoft or a security company technically
> > > > endorsed by Microsoft, I
> > > > > will continue to Log off my servers when I am
> > > > finished my task.>>
> > > >
> > > >
> > > > All beginning admins do. It's not until you're
> > in
> > > > the big leagues that
> > > > you realize why you should lock your boxes.
> > > >
> > > >
> > > > --- Danny <nocmonkey@xxxxxxxxx> wrote:
> > > >
> > > > > http://www.MSExchange.org/
> > > > >
> > > > > On Fri, 06 Aug 2004 09:50:17 +0100, Duke
> > > > <duke@xxxxxxxxxxxxxxxx>
> > > > > wrote:
> > > > > > http://www.MSExchange.org/
> > > > > >
> > > > > > Morning, Afternoon, Evenin All.
> > > > >
> > > > > Good morning, Duke and all.
> > > > >
> > > > > > Has Danny's original question been answered?
> > > > >
> > > > > I am not sure, as I have had several different
> > > > responses. My goal is
> > > > > to not have anyone logged in, and two backup
> > jobs
> > > > to run in the
> > > > > background. Both jobs will save the backup to
> > a
> > > > remote Windows 2000
> > > > > server. Job #1 will backup the Information
> > Store,
> > > > Job #2 will backup
> > > > > the System State.
> > > > >
> > > > > > Forgetting the rhetorics, Danny have you
> > gotten
> > > > > the solution to the problem?
> > > > >
> > > > > No.
> > > > >
> > > > > > Locking or logging out depends very much on
> > the
> > > > > environment within which
> > > > > > you are operating. Here, we mostly lock when
> > > > > running a task and log out
> > > > > > otherwise. There is no one clear right way.
> > > > >
> > > > > We do the same. Until some provides written
> > > > documentation from
> > > > > Microsoft or a security company technically
> > > > endorsed by Microsoft, I
> > > > > will continue to Log off my servers when I am
> > > > finished my task.
> > > > >
> > > > > Kind Regards,
> > > > >
> > > > > ...D
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------
> > > > > List Archives:
> > > > >
> > > >
> > >
> >
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > > > > Exchange Newsletters:
> > > > > http://www.msexchange.org/pages/newsletter.asp
> > > > > Exchange FAQ:
> > > > >
> > > >
> > >
> >
> http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking:
> > > > > http://www.windowsnetworking.com
> > > > > Leading Network Software Directory:
> > > > > http://www.serverfiles.com
> > > > > No.1 ISA Server Resource Site:
> > > > > http://www.isaserver.org
> > > > > Windows Security Resource Site:
> > > > > http://www.windowsecurity.com/
> > > > > Network Security Library:
> > http://www.secinf.net/
> > > > Windows 2000/NT Fax
> > > > > Solutions:
> > > > > http://www.ntfaxfaq.com
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------
> > > > > You are currently subscribed to this
> > > > MSEXchange.org Discussion List
> > > > > as: JaredsJazz@xxxxxxxxx To unsubscribe visit
> > > > >
> > > >
> > >
> >
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > > > >
> > > >
> > > >
> > > >
> > __________________________________________________
> > > > Do You Yahoo!?
> > > > Tired of spam?  Yahoo! Mail has the best spam
> > > > protection around
> > > > http://mail.yahoo.com
> > > >
> > > >
> > >
> >
> ------------------------------------------------------
> > > > List Archives:
> > > >
> > >
> >
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > > > Exchange Newsletters:
> > > > http://www.msexchange.org/pages/newsletter.asp
> > > > Exchange FAQ:
> > > >
> > >
> >
> http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > > >
> > >
> >
> ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking:
> > > > http://www.windowsnetworking.com Leading
> > > > Network Software Directory:
> > > > http://www.serverfiles.com
> > > > No.1 ISA Server Resource Site:
> > > > http://www.isaserver.org Windows Security
> > > > Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library:
> > > > http://www.secinf.net/ Windows 2000/NT Fax
> > > > Solutions:
> > > > http://www.ntfaxfaq.com
> > > >
> > >
> >
> ------------------------------------------------------
> >
> === message truncated ===
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
tandersn@xxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>

Other related posts:

• » Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » RE: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive
• » Re: Scheduling NTBackup to mapped drive

1. Home
2. exchangelist
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---