Easy and expected replies to all. You just missed the point, as all new admins do. The point is: It's obviously LESS secure leaving the computer logged off, than actually locking it. I mean, DUH --- Tony Anderson <tandersn@xxxxxxxxxxxxxxxxx> wrote: > http://www.MSExchange.org/ > > Security documents might say "lock your computer > when you leave" > but they mean that as opposed to leaving it logged > on. (not opposed to > logging off) > > Your statements are incorrect: > If you say that locking the computer prevents > someone from logging on as > 'Administrator' (presuming it wasn't renamed), that > is wrong. An > administrator could unlock a locked computer. A > 'GUEST' could not log into a > server locally anyway, against local policy. Same > with Aspnet, or IIS > accounts, they aren't allowed to log on locally. (by > default!) > > Besides, if you have a hacker in your server room, > he wouldn't need to log > on, he could boot with a bartPE CD or a Linux boot > floppy (to change the > admin password > http://home.eunet.no/~pnordahl/ntpasswd/) and change > the > admin password or do whatever he wanted. AND EVEN IF > your server happens to > be a domain controller, you can still change the > local admin password and > boot up in 'active directory recovery mode' and use > the local password. > > Tony > > > Think about it: WHY would you give a hacker more > > opportunities to log in to various known accounts, > > i.e., GUEST (because of these newbies don't > disable > > that account), the Administrator (because newbies > > don't rename the account), or having the server > power > > off because of the power profile isn't loaded when > > logged out (unless changed, but newbies don't), > the > > IIS accounts, the ASPNet accounts, etc. etc. > That's > > just ridiculous to give hackers that easy > opportunity. > > > > I just did a google search and quickly found a > "Five > > Security Steps.." by Microsoft. One of them > mentioned, > > "locking your computer..." > > > > Google it, go to support.microsoft.com, to > dogpile, > > your local professional IT Auditor. You'll find > more > > information on it that you'll want to. > > > > --- Mark Fugatt <mark@xxxxxxxxx> wrote: > > > > > http://www.MSExchange.org/ > > > > > > Yes, I would like you to provide me with one > link > > > that mentions that locking > > > is more secure than logging out. > > > > > > What was the very first Windows 2000 admin book > ever > > > written?, and I will see > > > if I can find reference to it in there. > > > > > > On Fri, 6 Aug 2004 08:14:21 -0700 (PDT), Jared > > > Johnson wrote > > > > http://www.MSExchange.org/ > > > > > > > > Read the posts again. Do your search on > dogpile, > > > read > > > > your beginning admin books. The proof is > > > everywhere. > > > > It's just plain common sense. > > > > > > > > You really want ME to do your research FOR > YOU? Am > > > I > > > > your personal secretary dog? Dont' think so. > Read > > > the > > > > very first Windows 2000 admin book ever > written, > > > and > > > > you'll see. Basics my friend. > > > > > > > > --- "Michael B. Smith" <michael@xxxxxxxxxx> > wrote: > > > > > > > > > http://www.MSExchange.org/ > > > > > > > > > > Have you yet answered ANYONE as to why? > > > > > > > > > > Or provided a reference? Either Microsoft or > > > FIPS? > > > > > Or anything else for > > > > > that matter? > > > > > > > > > > -----Original Message----- > > > > > From: Jared Johnson > > > [mailto:jaredsjazz@xxxxxxxxx] > > > > > Sent: Friday, August 06, 2004 10:58 AM > > > > > To: [ExchangeList] > > > > > Subject: [exchangelist] Re: Scheduling > NTBackup > > > to > > > > > mapped drive > > > > > > > > > > http://www.MSExchange.org/ > > > > > > > > > > We do the same. Until some provides written > > > > > > documentation from > > > > > > Microsoft or a security company > technically > > > > > endorsed by Microsoft, I > > > > > > will continue to Log off my servers when I > am > > > > > finished my task.>> > > > > > > > > > > > > > > > All beginning admins do. It's not until > you're > > > in > > > > > the big leagues that > > > > > you realize why you should lock your boxes. > > > > > > > > > > > > > > > --- Danny <nocmonkey@xxxxxxxxx> wrote: > > > > > > > > > > > http://www.MSExchange.org/ > > > > > > > > > > > > On Fri, 06 Aug 2004 09:50:17 +0100, Duke > > > > > <duke@xxxxxxxxxxxxxxxx> > > > > > > wrote: > > > > > > > http://www.MSExchange.org/ > > > > > > > > > > > > > > Morning, Afternoon, Evenin All. > > > > > > > > > > > > Good morning, Duke and all. > > > > > > > > > > > > > Has Danny's original question been > answered? > > > > > > > > > > > > I am not sure, as I have had several > different > > > > > responses. My goal is > > > > > > to not have anyone logged in, and two > backup > > > jobs > > > > > to run in the > > > > > > background. Both jobs will save the backup > to > > > a > > > > > remote Windows 2000 > > > > > > server. Job #1 will backup the Information > > > Store, > > > > > Job #2 will backup > > > > > > the System State. > > > > > > > > > > > > > Forgetting the rhetorics, Danny have you > > > gotten > > > > > > the solution to the problem? > > > > > > > > > > > > No. > > > > > > > > > > > > > Locking or logging out depends very much > on > > > the > > > > > > environment within which > > > > > > > you are operating. Here, we mostly lock > when > > > > > > running a task and log out > > > > > > > otherwise. There is no one clear right > way. > > > > > > > > > > > > We do the same. Until some provides > written > > > > > documentation from > > > > > > Microsoft or a security company > technically > > > > > endorsed by Microsoft, I > > > > > > will continue to Log off my servers when I > am > > > > > finished my task. > > > > > > > > > > > > Kind Regards, > > > > > > > > > > > > ...D > === message truncated === __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail