Windows Server

Mike SF · Guest

I understand that this is not right - however - my client has DEMANDED that
one user not have to put a password in every time he logs in in the morning.

I just put a new server in - and they were running in a WG without passwords
for years - now he is getting pissed that he has to put in a password.

I have told him of the security concerns and the risks enabled with this. He
doesnt mind.

My question - can you set it so he doesnt have to put a password in? - if
so - how?

Dusko Savatovic · Guest

Win Server 2003 will not allow access to shared folders to users with blank
password.

One way you can override password policy for a single computer is to enable
Auto Logon.
Here is the extract from a script that does it, but you can change these
registry keys manually.

'Setting Auto Logon
WshShell.RegWrite "HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AutoAdminLogon", 1 ,"REG_SZ"
wshshell.Regwrite "HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\DefaultUserName", "your_username_here", "REG_SZ"
wshshell.Regwrite "HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\DefaultPassword", "your_password_here", "REG_SZ"
wshshell.RegWrite "HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\DefaultDomainName", "YOUR_DOMAIN_HERE", "REG_SZ"

Dusko Savatovic

"Mike SF" <Michael@nospam.datacubesystems.com> wrote in message
news:ebul2Lr4EHA.208@TK2MSFTNGP12.phx.gbl...

Miha Pihler · Guest

Hi Mike,

Try if this will help you...

How To Enable Automatic Logon in Windows
http://support.microsoft.com/kb/q310584/

Give your customer a disclaimer to sign that you did this on their specific
request. It might come in handy at a later time.

Mike

"Mike SF" <Michael@nospam.datacubesystems.com> wrote in message
news:ebul2Lr4EHA.208@TK2MSFTNGP12.phx.gbl...

Steve Riley [MSFT] · Guest

This is one customer you should no longer service. Drop him.

Steve Riley
steriley@microsoft.com

"Mike SF" <Michael@nospam.datacubesystems.com> wrote in message
news:ebul2Lr4EHA.208@TK2MSFTNGP12.phx.gbl...

warren bailey · Guest

I would say the same, but will your boss (bill) send him a check for not
installing a machine that was insecure... ;)

"Steve Riley [MSFT]" <steriley@microsoft.com> wrote in message
news:OuuLB3s4EHA.2876@TK2MSFTNGP12.phx.gbl...

Joe Richards [MVP] · Guest

Implement smartcards or biometrics.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Mike SF wrote:

Andrew Mitchell · Guest

"Joe Richards [MVP]" <humorexpress@hotmail.com> said

Steven L Umbach · Guest

Too easy to get someone's blood with or without their cooperation and
subject to social engineering. --- Steve

"Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message
news:Xns95C2F393A90DAcasey01@207.46.248.16...

Steve Riley [MSFT] · Guest

DNA is a poor choice for use as an authenticator. Acquiring and storing DNA
samples requires people to expose certain things about themselves that have
nothing to do with authentication but would likely be misused for
discrimination -- diseases, genetic traits, and so on.

Steve Riley
steriley@microsoft.com

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:erdCmEG5EHA.3648@TK2MSFTNGP11.phx.gbl...

Steven L Umbach · Guest

I am not a big fan of biometrics anyhow after seeing the movie Demolition
Man. --- Steve

"Steve Riley [MSFT]" <steriley@microsoft.com> wrote in message
news:%23kKN50G5EHA.3756@TK2MSFTNGP14.phx.gbl...

Jörgen · Guest

Another big drawback with biometrics is that if someone comprimises your DNA
it's pretty hard to change your password...

"Steven L Umbach" <n9rou@nospam-comcast.net> skrev i meddelandet
news:e6XGT8G5EHA.3416@TK2MSFTNGP09.phx.gbl...

Steve Riley [MSFT] · Guest

That's the whole reason behind requiring a secret in any kind of
authentication system.

It's perfectly OK to use "public" information, like a fingerprint,
retina scan, even DNA (still scary for the reason I mention below) as
an *identifier*, but you still need to combine that with something
else, like a password or private key to use as the *authenticator*.

An authenticator is something that proves your identity. It's a
secret, so (presumably) only you know it. And if it gets compromised,
you can get a new one.

As you consider products and technologies to improve authentication,
don't forget these facts. Identity and authentication are separate
functions and shouldn't be combined.

Steve Riley
steriley@microsoft.com

"Jrg" <jorgen_persson78@hotmail.com> wrote in message
news:%23EWcdtm5EHA.3840@tk2msftngp13.phx.gbl...

Steven L Umbach · Guest

If someone compromises your DNA, changing your password is the least of your
problems. --- Steve

"Jörgen" <jorgen_persson78@hotmail.com> wrote in message
news:%23EWcdtm5EHA.3840@tk2msftngp13.phx.gbl...

Jörgen · Guest

Yes ofcourse but still we are talking about passwords now and not nuclear
wars or stolen passport am I right??

/J

"Steven L Umbach" <n9rou@nospam-comcast.net> skrev i meddelandet
news:OLYXg4s5EHA.3368@TK2MSFTNGP10.phx.gbl...

Steve Riley [MSFT] · Guest

There has been talk about using DNA for authentication to computers.

Extending the concept, though, I'm opposed to using DNA for *any* form of
authentication. I don't want my DNA in some computer system, and I don't
want it on my passport.

I haven't made up my mind yet on finger print or retina scan data on passports,
though. I can see both sides of the argument. I guess I'm having cognitive
dissonance right now... ;)

Steve Riley
steriley@microsoft.com

	Windows Server Forum Index -> Security	All times are GMT Goto page 1, 2 Next
Page 1 of 2

Password Policy Goto page 1, 2 Next