Re: can my domain administrators see what i have typed
- From: "Dmitri Gavrilov [MSFT]" <dmitrig@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 2 May 2005 11:19:12 -0600
We could also add
3. Don't VPN to work from home computer.
4. Don't bring a company notebook home and plug it into your home network.
It can be quite paranoid.
But my statement still holds -- you should trust your domain admins, or fire
them, or quit your job yourself. Domain admins have a lot of power, at least
at work, and they can cause you grief if they want to. However, for them
this would be a serious offense, so usually, they don't abuse their power.
Also, if you are worried, setup/request external auditing. A smart
hack-admin can cover his tracks, but some traces will still remain.
--
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:OFMWOIyTFHA.2664@xxxxxxxxxxxxxxxxxxxxxxx
> Well you can definitely make sure this can't happen.
>
> 1. Make sure your personal passwords are different from your work
> passwords.
> 2. Don't do personal stuff from work.
>
> It is almost certain that whatever you are doing that is personal is done
> through a web proxy and they have access to all web traffic when they want
> it. Alternatively, the PCs are their's and they have the option to dig out
> any info out of them they want to or monitor them in any way they want to.
>
> This is very easy for you to control.
>
> joe
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Hope Paka wrote:
>> They already know my domain accounts password. What i affraid of is, they
>> may steal my hotmail, bank or other account/passwords.
>>
>> "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
>> news:eoFzCTNTFHA.3840@xxxxxxxxxxxxxxxxxxxxxxx
>>
>>>They don't really need to see what you type if they want your password
>>>and the own the domain.
>>>
>>>First option is that they can dump the password hash and brute force your
>>>password which could take milliseconds or hours or ? depending on how
>>>smart the admins are and how good your password is. Look up Project
>>>RainbowCrack, the precomputed hash tables make easy work of many password
>>>hashes.
>>>
>>>The second option is that the put a password filter in place and catch it
>>>in clear text the next time you change your password.
>>>
>>>The third option is to set up a web site that you go to that only accepts
>>>basic auth of your domain ID and then they just dump out the password
>>>variable or pull it out of the header.
>>>
>>> joe
>>>
>>>--
>>>Joe Richards Microsoft MVP Windows Server Directory Services
>>>www.joeware.net
>>>
>>>
>>>Hope Paka wrote:
>>>
>>>> I am on a domain and log in to a server on the domain. I wonder, if
>>>> the admins of the domain can see what i have typed when i logged in to
>>>> the domain. For example, can they see my passwords.
>>>> I know third party tools catch your type. Do windows server 2003
>>>> have this capability.
>>>>
>>
.
- References:
- Re: can my domain administrators see what i have typed
- From: Hope Paka
- Re: can my domain administrators see what i have typed
- From: Joe Richards [MVP]
- Re: can my domain administrators see what i have typed
- Prev by Date: Firewall GP settings
- Next by Date: How to clear AD Credentials
- Previous by thread: Re: can my domain administrators see what i have typed
- Next by thread: Re: can my domain administrators see what i have typed
- Index(es):
Relevant Pages
|
