David et al.

Like my original post indicated, a *colleague* of mine said he did it for
his Senior VP. I didn't think it was possible in W2k and told him so; I was
glad to think that. I fought hard to get rid of it during our migration to
W2k and made a point to tell people the difference between W2k and W9x was
they *had* to log on.

Please be careful who you say does not have a backbone; some people can get
very offended by such an errant offense. Kudos to your research, not
difficult but very well done.

Related point:

You may find interesting, as I do, a series of documents published by the NSA
about how they suggest securing Windows 2K. You may find their link at
http://nsa2.www.conxion.com/win2k/download.htm

Again - Thank you,
Paul



-----Original Message-----
From: Ryan Malayter [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 11:05 AM
To: NT 2000 Discussions
Subject: RE: Auto logon in W2k....?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I wouldn't use the automatic login in any situation except a
public web kiosk. Not even in an educational institution. Why?
For legal reasons. Using autologon disables the basic
non-repudiation functionality that auditing provides in NT. "I
didn't do that." "Oh, yes you did. Look at the system logs."
This auditing information is vital evidence available to network
administrators in a legal contest.

Say someone out there in San Bernardino does something bad with a
university computer. A bad guy prints a $10,000 check to
him/herself on the U. accounting system, or loads child
pornography to a web site, or sends an Exchange message to
someone containing racial slurs. Naturally, the University wants
to deal with the offender legally.

But in your case, they really can't. Anyone (cleaning staff,
students, a passerby) could have done it, since the only access
they would have needed was physical access to a machine. The
person whose login was used can simply say "it wasn't me", and
you won't be able to reasonably show that it was. However, if
passwords were used, passwords were kept secret by a university
policy, and locking screensavers are enforced, the school could
probably show in most cases that the owner of the login used was
the actual offender.

Now, of course digital audit logs can be tampered with by a
skilled attacker. And NT auditing isn't nearly as robust as the
cryptographically secure non-repudiation offered by systems
like PGP. But I believe that auditing certainly strengthens the
position of the university in a legal forum. *Especially* when
senior personnel are involved - the U. itself could be liable
for their actions!

:::Ryan Malayter, MCSE
:::Bank Administration Institute
:::Chicago, Illinois, USA


-----Original Message-----
From: Paul Done [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 11:40 AM
To: NT 2000 Discussions
Subject: RE: Auto logon in W2k....?


Of course not, these are Senior VPs who want a computer that
does everything for them (i.e. start up before they walk in,
query email, etc.)

The perceived benefit to a W2k "required" logon seemed perfect.
Until someone found tweakui v 1.33. Now logons just take too
long.

I imagine that there will have to be some autologon using
biometrics when it becomes mainstream. Kind of a waste, eh?


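As an added example that is not part of this thread, here is a PowerShell check a defender can run on a current Windows host to find the condition Ryan describes: Winlogon configured for autologon, so that console activity is no longer attributable to a person who typed a password. The function names are my own; the Winlogon key and its value names are the standard Windows ones, and the script assumes it is run with rights to read and (for remediation) write that key.

```powershell
# Added example, not code from the thread. Audits the Winlogon key for autologon
# and offers a remediation that restores an interactive logon requirement.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStatus {
    param([string]$KeyPath = $WinlogonKey)
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction Stop

    # AutoAdminLogon is a REG_SZ; "1" means Winlogon signs in DefaultUserName
    # at boot without anyone typing a password.
    $enabled = ($props.AutoAdminLogon -eq '1')

    # A DefaultPassword value holds the account password in plain text in the
    # registry. Some tools store it in an LSA secret instead, which this check
    # does not read, so an empty value here does not prove no secret is stored.
    $plainPassword = -not [string]::IsNullOrEmpty($props.DefaultPassword)

    $finding = if ($enabled -or $plainPassword) { 'AUTOLOGON' } else { 'OK' }
    [pscustomobject]@{
        AutoAdminLogon    = $enabled
        DefaultUserName   = $props.DefaultUserName
        DefaultDomainName = $props.DefaultDomainName
        PlaintextPassword = $plainPassword
        Finding           = $finding
    }
}

function Disable-AutoLogon {
    # Remediation: turn the flag off and remove the stored password so the next
    # boot again stops at the logon prompt and audit events name a real user.
    param([string]$KeyPath = $WinlogonKey)
    Set-ItemProperty -Path $KeyPath -Name AutoAdminLogon -Value '0'
    Remove-ItemProperty -Path $KeyPath -Name DefaultPassword -ErrorAction SilentlyContinue
}

$status = Get-AutoLogonStatus
$status | Format-List
if ($status.Finding -eq 'AUTOLOGON') {
    Write-Warning "Autologon is configured for '$($status.DefaultUserName)': actions at this console cannot be tied to a person."
}
```

Run `Disable-AutoLogon` from an elevated session to apply the fix; the audit function alone needs only read access to the key.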
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
