When we had a similar project, the intention was not so much to prevent "the user" from accessing network resources. The objective was to turn off unpatched/vulnerable systems that do not conform to the corporate standard. For example, you want computers that don't have the latest AV or are not RPC-DCOM-protected turned off from the network. These computers don't NEED anyone to be logged into them with any domain credentials before they become infected and start spreading. Needless to say, the project was stillborn :(
 
 
Sincerely,

Deji Akomolafe, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon


From: Creamer, Mark
Sent: Tue 1/20/2004 5:56 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] forcing a logoff

> 2. Win2K and later (I have no NT 4) has cached credentials, so a user could unplug, log in, replug and
> thereby bypass the logon script

But they still wouldn't have access to anything network based.  Those
cached credentials will only get them on their local machine.

>>> I would think they would simply be prompted for user name and password, at which time they would again have access to the resource. My point was this process avoids the logon script.

Thanks for the 802.1x tip - I'll look into that.
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/