Firewall Wizards mailing list archives
RE: Stanford break in
From: Richard.Bertolett () ci austin tx us
Date: Thu, 22 Apr 2004 09:20:27 -0500
All, In Windows administration, single-workstation authentication is possible, as it is an attribute of the user account. This could possibly be scripted with VB script, but there is a gotcha. In a Domain-type environment (NT4 Domains, NT5.x Active Directory), there has to be some sort of computer naming schema, for the WMI interface to look for. In some enterprises, the naming is done based on the user name, and this would enable the scripting to work most of the time. But if the computer naming is done based on computer site/floor/department location or perhaps computer serial number, the mapping of user ID to computer ID becomes considerably more difficult. I know it possible in Novell NDS, but here again, the actual implementation contributes its own complexities. Add to this the Layer [8] political realities of (a) users sometimes just start using different machines, and it seems IT admins are the last to find out, (b) in any central office-branch office organization, there seem to proliferate any number of 'smart users' that want to login to other machines to help their users, and (c) the usual under-staffedness of IT departments within any given organization, there never seems to be enough time to administer this kind of thing - automatically or manually - when the admins are busy recovering borked servers, adding new user groups for workgroup access to files, yada yada. You can see that this, while a good idea, becomes so terribly manual as to be mostly unworkable. IMHO. Cheers, Rick Bertolett Austin Water Utility
Authenticate with the server, but only allow access to one workstation. I've never had to do this on a large scale, is it as time consuming as it seems that it might be or are there tools that make this easier?
I'm not sure about the degree of administrative difficulty, hopefully someone with Windows admin experience can answer that.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Stanford break in, (continued)
- RE: Stanford break in R. DuFresne (Apr 22)
- RE: Stanford break in Carric Dooley (Apr 23)
- RE: Stanford break in Victor Williams (Apr 23)
- Re: Stanford break in mlh (Apr 23)
- Re: Stanford break in Luca Berra (Apr 23)
- Re: Stanford break in Chuck Vose (Apr 22)
- Re: Stanford break in Adam Shostack (Apr 22)
- Re: Stanford break in Carric Dooley (Apr 23)
- Passwords (was: Stanford break in) Ben Nagy (Apr 23)
- Re: Stanford break in Paul D. Robertson (Apr 22)
- RE: Stanford break in Carric Dooley (Apr 23)
- RE: Stanford break in Paul D. Robertson (Apr 23)
- RE: Stanford break in Vin McLellan (Apr 26)
- Re: Stanford break in Adam Shostack (Apr 23)
- Re: Stanford break in Bennett Todd (Apr 23)
- Re: Stanford break in Paul D. Robertson (Apr 23)