Hi Brian, Although a little off topic, you bring up the great dangers of the "single sign-in" issue. Using the same password for all resources certainly gives the bad guys the "keys to the mint". Thanks! Tom -----Original Message----- From: Brian K. Dore' [mailto:bkd@xxxxxxxxxxxxx] Sent: Friday, March 08, 2002 2:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Windows XP and ISA http://www.ISAserver.org John said: > Isn't having a XP Home computer with the user's name and password the > same as a domain user's name and password a security risk? Sure it is, but by those standards having domain users is a security risk. <grin> Seriously though, anytime someone uses a home machine to connect into the office they are likely to do this, and having the password stored in the XP SAM is way better than anything Windows 9x will do. You would want to avoid it if you could, but that's up to your users, not you. They probably also already use their domain password for access to their AOL service, hotmail account, e-bay account and for blocking r-rated movies from the kids on the cable box. You definitely want to avoid a situation like this for domain administrative accounts. Anyone with an administrative account should know better. Brian ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')