Re: MS Client Binding on External NIC

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Merv Porter [SBS-MVP] (mwport_at_no_spam_hotmail.com)
Date: 11/30/04 

Date: Tue, 30 Nov 2004 13:02:54 -0500

Looks like unchecking Client for MS Networks on the external NIC doesn't buy
a whole lot of additional security with SBS 2003 Standard. Thanks for
clearing that up Wesley. 

-- 
Merv  Porter  [SBS MVP]
===================================
"Wesley Kendall [MSFT]" <a-wesk@online.microsoft.com> wrote in message
news:pQQ8IMu1EHA.3200@cpmsftngxa10.phx.gbl...
> >Hi Wesley,
> >
> >> The ISA firewall service will protect the client for MS networks from
the
> >...
> >
> >What about with SBS 2003 Standard?  I note that the Client for MS
networks
> >is also checkmarked on the external NIC on those systems as well.  Will
the
> >Basic Firewall protect Client for MS Networks as well as ISA?
>
>
> The following is straight from the product group:
>
> "We don't touch this more in the manner of "we don't disable it" rather
> than "we purposely make sure it's enabled".
>
> We do disable File and Printer sharing on the external NIC to prevent
> shares and printers from being shared externally, which is probably what
> people think this is.
>
> Think of it this way, File and Printer sharing is the "Everyone on the
> Internet can access me" one, while Client for Microsoft Networks is "I can
> access everyone [that's listening] on the Internet" one.
>
> Disabling Client for Microsoft Networks is probably a defense-in-depth
> measure we could do, but I'm not exactly sure how much protection that
buys
> the customer, especially on Standard or Premium machines that allow all
> outbound access."
>
>
>
> In other words, disabling the Client for Microsoft Networks on the
external
> NIC prevents you from doing a "net use * \\<internet IP>" to a file share
> somewhere on the internet (or DMZ).
>
> Thanks!
>
>
>
> --
>
> Wesley Kendall
> Small Business Server Product Support
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> Get Secure! http://www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
>
> =====================================================
>
>

Relevant Pages

  • Re: just simple facts
    ... if u dont have client.. ... ISP would recommend to hide their problem of authentication so u dont have ... I want to know what enabling 'Client for Microsoft Networks' ... DUN will then redial ...
    (microsoft.public.win2000.security)
  • Re: 802.1X Setup using Server 03 and Aironet 1200 Series WAP help
    ... Office/Home Office or Small Organization Networks" ... communication between the wireless client and IAS just was not ... most of the 170 pg Microsoft pdf located at the link below. ... Windows" documentation http://technet.microsoft.com/en-us/library/bb457068.aspx ...
    (microsoft.public.internet.radius)
  • Re: MS Client Binding on External NIC
    ... What about with SBS 2003 Standard? ... Basic Firewall protect Client for MS Networks as well as ISA? ... >>external access to the SBS server via RWW, RDC or VPN with RDC. ...
    (microsoft.public.windows.server.sbs)
  • Re: just simple facts
    ... I do use Client to browse local network but not on my dialup adapter. ... I want to know what enabling 'Client for Microsoft Networks' ... >> Why would an ISP 'recommend' it be installed for Internet access? ...
    (microsoft.public.win2000.security)
  • Re: MS Client Binding on External NIC
    ... >What about with SBS 2003 Standard? ... I note that the Client for MS networks ... >Basic Firewall protect Client for MS Networks as well as ISA? ...
    (microsoft.public.windows.server.sbs)