That is very true about the windows lockdown. I managed to do the same thing when testing domain security policies at work. We got a little over zealous on some computers that were public access and ended up making it so that even IE couldn't run (not that that's a bad thing). but fortunately we knew what we were doing well enough to except the administrators group from recieving the policy. Just kind of funny how with microsoft you either don't get enough, or you get way more than you ever wanted.
BTW I did get the security policies to run the way we wanted. We just mostly did that for fun. On Fri, 27 Aug 2004 18:39:03 -0600, Erin Sharmahd <[EMAIL PROTECTED]> wrote: > my boss made a comment about windoze security that i thought was > humorous... he said that in windows server 2003 (which they run on > some of the computers), it's possible to "lock-down" the computer to > the point that the administrator doesn't even have rights... he > discovered this when the security department at the office "locked > down" one of the computers, and when he logged in (as the server > administrator), he didn't have read/write/execute privileges on > anything. He also didn't have rights to change security settings on > anything. He said that from that experience, he realized exactly why > linux has a root user... :) > ~erin > > On Fri, 27 Aug 2004 09:29:34 -0600, Andrew Jorgensen > > > <[EMAIL PROTECTED]> wrote: > > In addition to the BIOS password you can also add a password to grub, > > but like Andrew said, if someone has physical access to the machine > > they own it. > > > > So now you're wondering if windows has the same scary "back door". Of > > course it does. Suppose you had a server with critical data on it and > > you had to fire the guy who has the root password, but he changed the > > password without telling anyone else 'cause he knew he was getting > > fired. Now what do you do? > > > > There's a floppy disk you can download that will let you reset the > > administrator password on a windows machine. It isn't made by > > microsoft, but it seems to work on all current versions of windows. > > (It's a linux floppy by the way.) > > http://home.eunet.no/~pnordahl/ntpasswd/ > > > > - Andrew > > > > > > > > On Fri, 27 Aug 2004 00:10:58 -0600, Andrew McNabb <[EMAIL PROTECTED]> wrote: > > > On Thu, Aug 26, 2004 at 11:50:09PM -0600, Ben Burgon wrote: > > > > Wow. I had never heard of that before. That's kind of scary to me. > > > > How would I dissable that feature? > > > > > > > > > > You can add a BIOS password. > > > > > > But no matter what, if someone has physical access to your machine they > > > can do whatever they want. > > > > > > -- > > > Andrew McNabb > > > http://www.mcnabbs.org/andrew/ > > > PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868 > > > > > > > > > _______________________________________________ > > > newbies mailing list > > > [EMAIL PROTECTED] > > > http://phantom.byu.edu/cgi-bin/mailman/listinfo/newbies > > > > > > > > > > > > > > > > -- > > Andrew Jorgensen > > > > > > > > _______________________________________________ > > newbies mailing list > > [EMAIL PROTECTED] > > http://phantom.byu.edu/cgi-bin/mailman/listinfo/newbies > > > > > -- > -- userfriendly.org -- > > > > _______________________________________________ > newbies mailing list > [EMAIL PROTECTED] > http://phantom.byu.edu/cgi-bin/mailman/listinfo/newbies > _______________________________________________ newbies mailing list [EMAIL PROTECTED] http://phantom.byu.edu/cgi-bin/mailman/listinfo/newbies
