RE: [ActiveDir] Number of Interactive Logons

Fri, 22 Aug 2003 06:08:48 -0700

Title: Message
Marc,
 
I'm not sure if this is a typo or not - but your Security people are saying "Hey if someone steals this computer so that it can't connect to the DC to authenticate, we would like to give them 50 chances to hack into the box - not the ZERO that is typically recommended for a secured environment, or the 10 that is default."
 
And your certain when they said Security, they didn't mean the Keystone cop-type rental agency guys that roam around and ask to see badges?
 
Yes, I'm being brutally sarcastic, but this is toally the opposite thinking that you should be using in this case.  For a secure environment or systems that should not be authenticated to with a network logon UNLESS A DC is available, set this value to zero.  IMHO, 10 is too high.
 

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of De Schepper Marc
Sent: Friday, August 22, 2003 6:41 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Number of Interactive Logons

Hey all,
 
I would like to have some feedback of the following Policy setting:
 
Interactive logon: Number of previous logons to cache (in case domain controller is not available)
 
 
The default is 10, but our Security people would like to put it on 50.
 
Does anyone have some arguments not to use 50?
 
Marc 

*************************************************************

Dit e-mail bericht inclusief eventuele ingesloten bestanden kan informatie bevatten die vertrouwelijk is en/of beschermd door intellectuele eigendomsrechten. Dit bericht is uitsluitend bestemd voor de geadresseerde(n). Elk gebruik van de informatie vervat in dit bericht (waaronder de volledige of gedeeltelijke reproductie of verspreiding onder elke vorm) door andere personen dan de geadresseerde(n) is verboden. Indien u dit bericht per vergissing heeft ontvangen, gelieve de afzender hiervan te verwittigen en dit bericht te verwijderen.

This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the addressees. Any use of the information contained herein (including but not limited to total or partial reproduction or distribution in any form) by other persons than the addressees is prohibited. If you have received this e-mail in error, please notify the sender and delete its contents.

*************************************************************

Reply via email to