Tokens area a core functionality of Windows, there isn't a way to really 'fix' it. However there are group policy settings that limit remote logon (and their token)'s validity time, as well as having Domain Admins have separate accounts (std user + "admin") accounts that they only use when they absolutely have to. Also, don't have services running with Domain Admins ;-).
Hope some mitigations will suffice.. -- Rob Fuller | Mubix Room362.com | Hak5.org | TheAcademyPro.com Ignore this: x5o...@ap[4\pzx54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* On Wed, May 5, 2010 at 8:26 AM, Robin Wood <[email protected]> wrote: > Hi > Has anyone got any good references I can pass on to clients I've owned > through incognito? Beyond suggesting be careful who you log in as and > using least privileges what else can I suggest? > > Robin > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
