Here's one someone prepare earlier (found by a search for NBTSTAT on Google)......
http://www.hildrum.com/nbtstat.htm
Gary Menzel
IT Operations Brisbane -+- ABN AMRO Morgans Limited
Level 29, 123 Eagle Street BRISBANE QLD 4000
PH: 07 333 44 828 FX: 07 3834 0828
[EMAIL PROTECTED] wrote on 03/17/2003 09:58:21 AM:
> You got more info on NBSTAT? ie a URL? I've never heard/come accross
> it until this thread, keen to see what potentials it has in regards
> to securing apps.
>
> Two things blow my hair back.
> 1. Application Security
> 2. Application Iface development...
>
> Combination of two = uBER!
>
> "gary menzel" <[EMAIL PROTECTED]> wrote in message news:
> [EMAIL PROTECTED]
>
> You are probably right Scott. The place I was mentioning did not
> use IIS (but Netscape) and LDAP support in AD was not reliable.
>
> NBTSTAT is a (semi) reliable way of doing what Taco wants - and is
> "portable" to some degree. It is secure enough because the call to
> NBTSTAT does not rely on information accessible by the Client unless
> they get right down into the guts of the network protocols to play
> games at that level and you should be able to lock machines down
> enough so the "average" user is not able to install anything at that level.
>
> The problems with it are if NETBIOS support is not enabled on the
> network, if there is an inconsistency in the way names are used (you
> cannot always rely on the record type in NBTSTAT telling you which
> is the USERNAME - because machines can also have user names - so you
> have to rely on a naming convention of some sort). Stuff like that.
>
> Gary Menzel
> IT Operations Brisbane -+- ABN AMRO Morgans Limited
> Level 29, 123 Eagle Street BRISBANE QLD 4000
> PH: 07 333 44 828 FX: 07 3834 0828
>
> [EMAIL PROTECTED] wrote on 03/17/2003 09:34:11 AM:
>
> > In truth, i think this relies on IIS anonymous access turned off in order to
> > work? I don't have IIS to double check this, but can anyone else shed some
> > light onto this theory of mine :D
> >
> > Scott
> >
> >
> >
> > "Taco Fleur" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > >
> > > OK, got to work today, had a go at it with cgi.remote_user but can't find
> > > any docos on the correct permissions needed for it to return the required
> > > info.
> > >
> > > Anyone any ides on this?
> > >
> > > TIA
> > > Taco
> > >
> > > > Taco all you need to do is retrieve the CGI.AUTH_USER variable(could be
> > =
> > > > CGI.REMOTE_USER I'll have to double check that), and in a domain =
> > > > environment like Active Directory it will always be populated with the =
> > > > user's domain user account.....e.g "domain\taco"
> > >
> > >
> >
> >
> >
> > ---
> > You are currently subscribed to cfaussie as: gary.
> [EMAIL PROTECTED]
> > To unsubscribe send a blank email to [EMAIL PROTECTED]
> daemon.com.au
> >
> > MX Downunder AsiaPac DevCon - http://mxdu.com/
> ****************************************************************************
> If this communication is not intended for you and you are not an authorised
> recipient of this email you are prohibited by law from dealing with or
> relying on the email or any file attachments. This prohibition includes
> reading, printing, copying, re-transmitting, disseminating, storing or in
> any other way dealing or acting in reliance on the information. If you
> have received this email in error, we request you contact ABN AMRO Morgans
> Limited immediately by returning the email to [EMAIL PROTECTED]
> and destroy the original. We will refund any reasonable costs associated
> with notifying ABN AMRO Morgans. This email is confidential and may contain
> privileged client information. ABN AMRO Morgans has taken reasonable steps
> to ensure the accuracy and integrity of all its communications, including
> electronic communications, but accepts no liability for materials
> transmitted. Materials may also be transmitted without the knowledge of ABN
> AMRO Morgans. ABN AMRO Morgans Limited its directors and employees do not
> accept liability for the results of any actions taken or not on the basis
> of the information in this report. ABN AMRO Morgans Limited and its
> associates hold or may hold securities in the companies/trusts mentioned
> herein. Any recommendation is made on the basis of our research of the
> investment and may not suit the specific requirements of clients.
> Assessments of suitability to an individual's portfolio can only be made
> after an examination of the particular client's investments, financial
> circumstances and requirements.
> ****************************************************************************
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
> MX Downunder AsiaPac DevCon - http://mxdu.com/ ****************************************************************************
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information. If you
have received this email in error, we request you contact ABN AMRO Morgans
Limited immediately by returning the email to [EMAIL PROTECTED]
and destroy the original. We will refund any reasonable costs associated
with notifying ABN AMRO Morgans. This email is confidential and may contain
privileged client information. ABN AMRO Morgans has taken reasonable steps
to ensure the accuracy and integrity of all its communications, including
electronic communications, but accepts no liability for materials
transmitted. Materials may also be transmitted without the knowledge of ABN
AMRO Morgans. ABN AMRO Morgans Limited its directors and employees do not
accept liability for the results of any actions taken or not on the basis
of the information in this report. ABN AMRO Morgans Limited and its
associates hold or may hold securities in the companies/trusts mentioned
herein. Any recommendation is made on the basis of our research of the
investment and may not suit the specific requirements of clients.
Assessments of suitability to an individual's portfolio can only be made
after an examination of the particular client's investments, financial
circumstances and requirements.
****************************************************************************
--- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
- [cfaussie] Re: Intranet Authentication Via Username Scott Barnes
- [cfaussie] Re: Intranet Authentication Via Username Gary Menzel
- [cfaussie] Re: Intranet Authentication Via Username Phil Rasmussen
- [cfaussie] Re: Intranet Authentication Via Username gary menzel
- [cfaussie] Re: Intranet Authentication Via Username Taco Fleur
- [cfaussie] Re: Intranet Authentication Via Username Scott Barnes
- [cfaussie] Re: Intranet Authentication Via Username gary menzel
- [cfaussie] Re: Intranet Authentication Via Username Hickman, Matt
- [cfaussie] Re: Intranet Authentication Via Username Taco Fleur
- [cfaussie] Re: Intranet Authentication Via Username Scott Barnes
- [cfaussie] Re: Intranet Authentication Via Username gary menzel
- [cfaussie] Re: Intranet Authentication Via Username Scott Barnes
- [cfaussie] Re: Intranet Authentication Via Username Taco Fleur
- [cfaussie] Re: Intranet Authentication Via Username Taco Fleur
- [cfaussie] Re: Intranet Authentication Via Username Scott Barnes
- [cfaussie] Re: Intranet Authentication Via Username gary menzel
- [cfaussie] Re: Intranet Authentication Via Username Taco Fleur
- [cfaussie] Re: Intranet Authentication Via Username George Lu
- [cfaussie] Re: Intranet Authentication Via Username Simon Handfield
- [cfaussie] Re: Intranet Authentication Via Username George Lu
- [cfaussie] Re: Intranet Authentication Via Username Simon Handfield
