Re: Security using Sharepoint

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 08/07/04

Next message: Ricky Morris [MSFT]: "RE: renaming default calendar or sharing multiple calendars."
Previous message: Lanwench [MVP - Exchange]: "Re: <<< XP sp2 info >>>"
In reply to: anonymous_at_discussions.microsoft.com: "Security using Sharepoint"
Messages sorted by: [ date ] [ thread ]

Date: Sat, 07 Aug 2004 13:33:04 -0700

That's why we have auditing enabled. Your daily monitoring email will
give you the heads up

AND make it a really long hunking pass PHRASE that can't be brute forced.

Look into passprop for more info.

But honestly... at this time they won't be "brute forcing" our boxes
with long complex passwords.

change the administrator account name, set up a bogus admin account with
low rights and we'll be just fine around here.

We're not large firms that someone with the hacking tools that attended
Defcon would go after. We're going to get hit by auto-hack tools.

If you have Win98 machines in your network and still have lanmanhash
enabled, if you have easy passwords, if you have ndr enabled, you've got
more security issues to worry about than worrying about passwords.

anonymous@discussions.microsoft.com wrote:
> I am currently set up using SBS Premium with a single NIC
> going via a router/firewall.
>
> I have set password policies and lockout for incorrect
> login attempts, however, I am concerned that brute force
> hacking may be possible via the administration login
> (which doesnt appear to be affected by incorrect logins).
>
> I removed administrator from the "Remote Web Workplace
> Users" group, but unfortunately can still log in as
> administrator.
>
> Any advice would be much appreciated.
>
> Gary Collinson

-- 
http://www.sbslinks.com/really.htm

Next message: Ricky Morris [MSFT]: "RE: renaming default calendar or sharing multiple calendars."
Previous message: Lanwench [MVP - Exchange]: "Re: <<< XP sp2 info >>>"
In reply to: anonymous_at_discussions.microsoft.com: "Security using Sharepoint"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Cannot login after changing Domain to Workgroup on Laptop
... If you can't log in locally, clearly you *don't* know all the administrator ... You'd need to know the local admin credentials. ... WinXP Pro w/Traditional login dialogue box. ... I know all the administrator passwords and ...
(microsoft.public.security)
Re: cant log in at all
... Login as 'the' Administrator and reset the passwords. ...
(microsoft.public.windowsxp.security_admin)
Block incoming ip
... I keep getting notices of bad login attempts on the administrator ... account, always coming from the same ip. ... I have strong passwords so ...
(microsoft.public.windows.server.sbs)
Cannot login as administrator
... point where I can login as an administrator. ... additional account (actually 2, ... account I created) without passwords which are admiinsitrator accounts but ...
(microsoft.public.windowsxp.help_and_support)
Re: >> Converting a work computer to a home computer?
... When I login to windows, ... Before anything else, you need to be able to log in as an administrator, ... member of a domain to a workgroup. ... network settings that point to invalid servers ...
(microsoft.public.windowsxp.general)