On 7 May 2010 20:50, Rob Fuller <[email protected]> wrote:
> Tokens are a core functionality of Windows, there isn't a way to
> really 'fix' it. However there are group policy settings that limit
> remote logon (and their token)'s validity time, as well as having
> Domain Admins have separate accounts (std user + "admin") accounts
> that they only use when they absolutely have to. Also, don't have
> services running with Domain Admins ;-).
>
> Hope some mitigations will suffice..

That is kind of the conclusion I came to talking to friends. It's hard
to tell a client that you just popped their box through cached
credentials and tell them that there isn't much they can do as it is a
Windows feature.

Oh well, glad I'm not missing something obvious.

Robin

>
> --
> Rob Fuller | Mubix
> Room362.com | Hak5.org | TheAcademyPro.com
> Ignore this:
> x5o...@ap[4\pzx54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>
> On Wed, May 5, 2010 at 8:26 AM, Robin Wood <[email protected]> wrote:
>> Hi
>> Has anyone got any good references I can pass on to clients I've owned
>> through incognito? Beyond suggesting be careful who you log in as and
>> using least privileges what else can I suggest?
>>
>> Robin
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
