RE: audit

Tue, 14 Aug 2001 07:23:41 -0700 

I think you have the right one below.  But remember, that setting is a
computer setting, so you need to apply that policy to the appropriate
servers.  Then in each user, define their hours (or use another GPO)

I'm going to try it right now, but it may take a bit so that I can ensure
that the policy replicates prior to the login hours I define.

-----Original Message-----
From: Shirley Laliberte [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2001 10:31 AM
To: NT System Admin Issues
Subject: RE: audit


You're reply prompts another question.  I did restrict hours from 6:00 AM to
midnight.  I noticed that if an individual did not logoff that all during
the night they were shown in the security log.  I found a group policy
(windows 2000) that says to log off users after login time has expired.
This doesn't seem to be the key to force their logoff.  Am I looking in the
wrong place???

-----Original Message-----
From: Erik Brown [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2001 10:24 AM
To: NT System Admin Issues
Subject: RE: audit


I use it here because the old cleaning crew had a bad habit of trying to
access stuff on users PCs that weren't logged off. It helps to take care of
"memory" problems (people forget to log off...etc). It also keeps people out
while the backups are running.

Erik

-----Original Message-----
From: Shirley Laliberte [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2001 9:04 AM
To: NT System Admin Issues
Subject: audit


Our auditors just wrote us up.
Here's their statement "The credit Union is not utilizing time/day
restrictions in Windows.  These setting restrict users from gaining network
access during non-business hours. If not set appropriately, these accounts
can be exploited to gain unauthorized access to the network".

We have not dial up connections to the network.  The only thing we have
setup is to allow a connection to the Exchange server for internet email.
We have eight digit passwords and an account is locked out after 3 invalid
attempts.

I don't believe having logon hour restrictions will improve security but I
would like other opinions.

Opinions???

Shirley Laliberte
Quincy Municipal Credit Union




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Reply via email to