Re: AD Simple LDAP authentication question

2013-04-09 Thread Andrew S. Baker
*Sent:* Tuesday, April 9, 2013 10:28 AM > > *To:* NT System Admin Issues > *Subject:* RE: AD Simple LDAP authentication question > > I'm looking into this: > > http://technet.microsoft.com/en-us/library/cc778124(v=ws.10).aspx > > Which I wasn'

RE: AD Simple LDAP authentication question

2013-04-09 Thread Michael B. Smith
AM To: NT System Admin Issues Subject: RE: AD Simple LDAP authentication question I'm looking into this: http://technet.microsoft.com/en-us/library/cc778124(v=ws.10).aspx Which I wasn't aware of before. Looks like what I was interested in, but then I read this: "This setting do

RE: AD Simple LDAP authentication question

2013-04-09 Thread Christopher Bodnar
From: "Michael B. Smith" To: "NT System Admin Issues" Date: 04/09/2013 09:58 AM Subject: RE: AD Simple LDAP authentication question +1 My question was directed more to the fact that any "Authenticated User" has pretty much full read-access t

RE: AD Simple LDAP authentication question

2013-04-09 Thread Michael B. Smith
imple LDAP authentication question On Mon, Apr 8, 2013 at 4:03 PM, Christopher Bodnar wrote: > I know that AD supports both Simple and SASL methods for LDAP binds: > > http://msdn.microsoft.com/en-us/library/cc223499.aspx > > What I was surprised is that there doesn't seem to be

Re: AD Simple LDAP authentication question

2013-04-08 Thread Ben Scott
On Mon, Apr 8, 2013 at 4:03 PM, Christopher Bodnar wrote: > I know that AD supports both Simple and SASL methods for LDAP binds: > > http://msdn.microsoft.com/en-us/library/cc223499.aspx > > What I was surprised is that there doesn't seem to be a way to disable the > Simple method. It supports SSL

RE: AD Simple LDAP authentication question

2013-04-08 Thread Christopher Bodnar
From a security perspective. It's allowing the username and password to be sent over the wire in clear text. You could say the same thing about NTLM, not that it's going over the wire in clear text. But you have the ability to not allow NTLM or LANMan authentication, why not a

RE: AD Simple LDAP authentication question

2013-04-08 Thread Michael B. Smith
What benefit do you think there would be to disable it? From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, April 8, 2013 4:03 PM To: NT System Admin Issues Subject: AD Simple LDAP authentication question I know that AD supports both Simple and SASL methods for LDAP binds

AD Simple LDAP authentication question

2013-04-08 Thread Christopher Bodnar
I know that AD supports both Simple and SASL methods for LDAP binds: http://msdn.microsoft.com/en-us/library/cc223499.aspx What I was surprised is that there doesn't seem to be a way to disable the Simple method. It supports SSL/TLS but does not require it. Is that correct? Christopher Bodn

Re: Cross Domain authentication - brain freeze

2013-03-18 Thread Don Kuhlman
16, 2013 11:54 AM Subject: RE: Cross Domain authentication - brain freeze Don-   You might refactor this code to use S.DS.AccountManagement. It abstracts all this stuff for you.   You’re going to start needing to think about global catalogs also with multiple domains, universal groups, etc

RE: Cross Domain authentication - brain freeze

2013-03-16 Thread Brian Desmond
w – 312.625.1438 | c – 312.731.3132 From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Friday, March 15, 2013 4:07 PM To: NT System Admin Issues Subject: Cross Domain authentication - brain freeze Hi guys. It's getting near quitting time here, and they just announced that the bar is op

RE: Require Network Level Authentication to RDP

2013-02-11 Thread Ziots, Edward
sheim [mailto:eric.wittersh...@gmail.com] Sent: Monday, February 11, 2013 11:15 AM To: NT System Admin Issues Subject: Re: Require Network Level Authentication to RDP We are running it on our network. PCI auditors require it. We have Mac and Linux clients and everything is working fine. On Mon, F

RE: Require Network Level Authentication to RDP

2013-02-11 Thread Webster
I have no customers, that I know of, that use or require it. Thanks Webster From: David Lum [mailto:david@nwea.org] Sent: Monday, February 11, 2013 8:57 AM To: NT System Admin Issues Subject: Require Network Level Authentication to RDP Are you guys enforcing this on your networks? I'

RE: LDAP authentication across external trust

2012-08-30 Thread Ken Schaefer
Domain B DC can send a referral to the client telling the client to go to a Domain A DC (it requires that the external reference object exist in the directory, but it should be there) – that’s how LDAP works. Domain B DC will not “proxy” the authentication request (unlike NTLM) to the Domain A

Re: LDAP authentication across external trust

2012-08-30 Thread Steve Kradel
have summed it up correctly. Never had to do something like > this before, but find it odd that this is no work around to get the Domain > B DC to hand off the authentication to the Domain A DC for the client. I've > got a call with Microsoft today to discuss this. I think you are rig

RE: LDAP authentication across external trust

2012-08-30 Thread Christopher Bodnar
Yes Ken you have summed it up correctly. Never had to do something like this before, but find it odd that this is no work around to get the Domain B DC to hand off the authentication to the Domain A DC for the client. I've got a call with Microsoft today to discuss this. I think you are

RE: LDAP authentication across external trust

2012-08-29 Thread Ken Schaefer
Unless I'm reading your setup incorrectly: You have a one-way trust with selective authentication. When WebPortal (part of Domain B) contacts a Domain B DC, the Domain B DC would provide a referral to a Domain A DC (assuming the correct external cross-reference object exists). However you

Re: LDAP authentication across external trust

2012-08-29 Thread Steve Kradel
a one way trust relationship (Domain A is Trusted, > Domain B is Trusting). Domain B is in a DMZ. So Domain A users can access > resources in domain B with their Domain A credentials. Also using selective > authentication for this trust. Works great > > Working with a vendor to imple

Re: LDAP authentication across external trust

2012-08-29 Thread Christopher Bodnar
Insurance Company of America www.guardianlife.com From: Don Kuhlman To: "NT System Admin Issues" Date: 08/29/2012 04:59 PM Subject: Re: LDAP authentication across external trust Hi Chris. Are they in the same Forest or separate ? eg domaina.compa

Re: LDAP authentication across external trust

2012-08-29 Thread Don Kuhlman
Hi Chris. Are they in the same Forest or separate? eg domaina.company.com and domainb.company.com or domaina.com and domainb.com? Don K From: Christopher Bodnar To: NT System Admin Issues Sent: Wednesday, August 29, 2012 2:08 PM Subject: LDAP authentication across external trust We

LDAP authentication across external trust

2012-08-29 Thread Christopher Bodnar
We have 2 domains with a one way trust relationship (Domain A is Trusted, Domain B is Trusting). Domain B is in a DMZ. So Domain A users can access resources in domain B with their Domain A credentials. Also using selective authentication for this trust. Works great Working with a vendor to

RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-30 Thread David Lum
Control, VPN multi factor authentication, Moving Exchange into a DMZ We have 4-5 vendors we work with and use against each other for bidding. But mostly we listen to all and make an informed decision from all the information we get. From: Andrew S. Baker [mailto:asbz...@gmail.com]<mail

RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread itli...@imcu.com
Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ I always recommend that Sys Admins and IT Managers have a good technology partner that

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread James Rankin
Leave Exchange 2003 or even 2010 out of the DMZ but off my core >>>> tellering (SQL server) LAN as well just to appease them. >>>> > >>>> > VPN is currently Cisco anyconnect. I am going to add some kind of >>>> multi factor and ACL to the fir

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Christopher Bodnar
Date: 01/27/2012 10:20 AM Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ DLP is way more than just restricting access to removable devices. http://code.google.com/p/opendlp/ VPN access restrictions such as you mention

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Andrew S. Baker
ge 2003 or even 2010 out of the DMZ but off my core >>> tellering (SQL server) LAN as well just to appease them. >>> > >>> > VPN is currently Cisco anyconnect. I am going to add some kind of >>> multi factor and ACL to the firewall for those that do get access.

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Ben Scott
On Fri, Jan 27, 2012 at 11:25 AM, James Rankin wrote: > DLP taken to logical extremes is extremely difficult. Everything taken to logical extremes is extremely difficult. (Note that I'm not disagreeing with you in the least.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resour

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Andrew S. Baker
actor and ACL to the firewall for those that do get access. As well >> the software or agent that verifies windows updates and virusscan patching >> prior to authentication. >> > >> > Looking at DLP now. Currently all I do is look at outgoing emails. So >> anythin

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread James Rankin
nd ACL to the firewall for those that do get access. As well >> the software or agent that verifies windows updates and virusscan patching >> prior to authentication. >> > >> > Looking at DLP now. Currently all I do is look at outgoing emails. So >> anything mo

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kevin Lundy
going to add some kind of multi > factor and ACL to the firewall for those that do get access. As well the > software or agent that verifies windows updates and virusscan patching > prior to authentication. > > > > Looking at DLP now. Currently all I do is look at outgoing

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kurt Buff
ulti > factor and ACL to the firewall for those that do get access.  As well the > software or agent that verifies windows updates and virusscan patching prior > to authentication. > > Looking at DLP now.  Currently all I do is look at outgoing emails.  So > anything more wi

RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread itli...@imcu.com
firewall for those that do get access. As well the software or agent that verifies windows updates and virusscan patching prior to authentication. Looking at DLP now. Currently all I do is look at outgoing emails. So anything more will be better. -Original Message- From: Kurt Buff

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kurt Buff
DLP is way more than just restricting access to removable devices. http://code.google.com/p/opendlp/ VPN access restrictions such as you mentioned are a good thing. There are open source two factor auth solutions. Exchange doesn't go in a DMZ On Fri, Jan 27, 2012 at 06:46, itli...@imcu.com wrot

Re: Linux AD Authentication

2011-09-14 Thread Ben Scott
On Tue, Sep 13, 2011 at 10:44 AM, Robert Jackson wrote: >> What I'm finding is the ADUSER can log in to the Linux server and have its >> credentials authenticated against Windows 2003 AD correctly. > > id shows all membership groups from AD > Doesn't matter if the file is pre-existing or not, sam

RE: r...@walkermartyn.co.uk - Re: Linux AD Authentication - Bayesian Filter detected spam

2011-09-13 Thread Robert Jackson
ystem Admin Issues Subject: r...@walkermartyn.co.uk - Re: Linux AD Authentication - Bayesian Filter detected spam On Tue, Sep 13, 2011 at 5:49 AM, Robert Jackson wrote: > Are there any Likewise Open users out there? Not me, but I have used Samba to integrate with AD. > I'm having so

Re: Linux AD Authentication

2011-09-13 Thread Ben Scott
On Tue, Sep 13, 2011 at 5:49 AM, Robert Jackson wrote: > Are there any Likewise Open users out there? Not me, but I have used Samba to integrate with AD. > I’m having some issues around trying to add domain > users to a local Linux group. Standard questions apply regardless of OS: What OS a

Linux AD Authentication

2011-09-13 Thread Robert Jackson
Are there any Likewise Open users out there? I'm having some issues around trying to add domain users to a local Linux group. So at the moment my /etc/group file looks like: locgrp:x:500:locusr,\\ > What I'm finding is the ADUSER can log in to the Linux server and have its credentials a

RE: NT authentication to 08 DC's

2011-08-11 Thread N Parr
smond [mailto:br...@briandesmond.com] Sent: Thursday, August 11, 2011 1:28 PM To: NT System Admin Issues Subject: RE: NT authentication to 08 DC's It's possible the DC needs a reboot for the setting to be effective? Some of this legacy stuff is like that. I'd get a network trace of the

RE: NT authentication to 08 DC's

2011-08-11 Thread Brian Desmond
5.1438 | c - 312.731.3132 From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, August 11, 2011 11:23 AM To: NT System Admin Issues Subject: NT authentication to 08 DC's So I did my research and found multiple answers that say the same thing. In order for old NT clients to authenti

NT authentication to 08 DC's

2011-08-11 Thread N Parr
->Security Options Network security: LAN Manager authentication level Send LM & NTLM - use NTLMv2 session security if negotiated Computer Configuration->Policies->Administrative Templates->System->Net Logon Allow cryptography algorithms compatible with Windows NT 4.0 ---

RE: Wireless Authentication - Computer account vs. User account?

2011-08-08 Thread Paul Hutchings
From: Damien Solodow [damien.solo...@harrison.edu] Sent: 08 August 2011 6:04 PM To: NT System Admin Issues Subject: RE: Wireless Authentication - Computer account vs. User account? I looked at an XP level Wireless settings in GPO and there was an option for Computer Authentication

RE: Wireless Authentication - Computer account vs. User account?

2011-08-08 Thread Damien Solodow
I looked at an XP level Wireless settings in GPO and there was an option for Computer Authentication Only.. DAMIEN SOLODOW Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] Sent: Monday, August 08, 2011 1:00 PM To

RE: Wireless Authentication - Computer account vs. User account?

2011-08-08 Thread Paul Hutchings
Damn, I said SP2 didn't I - I meant SP3 (barring a few x64 machines). From: Damien Solodow [damien.solo...@harrison.edu] Sent: 08 August 2011 5:56 PM To: NT System Admin Issues Subject: RE: Wireless Authentication - Computer account vs. User account? As I r

RE: Wireless Authentication - Computer account vs. User account?

2011-08-08 Thread Damien Solodow
As I recall, XP SP3 included a number of updates related to Wireless authentication and I think it resolves that issue. DAMIEN SOLODOW Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] Sent: Monday, August 08, 2011

Wireless Authentication - Computer account vs. User account?

2011-08-08 Thread Paul Hutchings
On the off-chance that it could save me a lot of reading, does anyone know if there is a way to force Windows XP to authenticate to an 802.11 wireless system using the computer account and not the account of the logged on user? It seems that Windows 7 does this by default, Vista can be made to do s

LFR: FTPS with RADIUS Authentication

2011-05-24 Thread Adrian P Wilkinson
Hi, I’m looking for recommendations for an FTPS server for Windows Server 2003 that supports RADIUS authentication. So far I’ve only been able to find something called SurgeFTP but I suspect there are other options out there and I’d appreciate some input. Freeware or commercial software

Authentication issue with SAMBA clients?

2011-05-02 Thread Christopher Bodnar
Has anyone run into an issue with SAMBA clients and this? http://support.microsoft.com/kb/2536720 Chris Bodnar, MCSE, MCITP Technical Support III Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Ben Scott
On Wed, Apr 13, 2011 at 6:25 PM, Kurt Buff wrote: > I'm not clear on what the Dropbox host_id is either, but Muffett gives > the classic example: ssh keys. Good analogy, I think. Well, that depends. If the host_id is a private/secret key, okay, it's a great analogy. But private keys are, you

RE: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Ziots, Edward
-3505 -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, April 13, 2011 5:35 PM To: NT System Admin Issues Subject: Re: OT: Dropbox authentication: insecure by design On Wed, Apr 13, 2011 at 11:17, Andrew S. Baker wrote: >>>The takeaway here: Don

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Ben Scott
On Wed, Apr 13, 2011 at 7:52 PM, Andrew S. Baker wrote: > Back to me and my 15% shared storage.  If the full system of one of the > people who I share a set of folders with becomes compromised, some 3rd party > could setup a separate machine that would allow them to install DropBox and > get acces

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Andrew S. Baker
the > major use cases for this service. Putting aside any concerns about the > security of the Dropbox infrastructure (which is a considerable > question of its own), the security model for this is completely > borked. > > > Feel free to suggest an authentication mechani

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Kurt Buff
http://blogs.computerworlduk.com/unscrewing-security/2011/04/practical-dropbox-security-advice/index.htm > [2] Thanks, ASB. > [3] http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/ I'm not clear on what the Dropbox host_id is either, but Muffett gives the classic examp

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Kurt Buff
ccount with folks whose machines are not under your control, which, from my understanding, is one of the major use cases for this service. Putting aside any concerns about the security of the Dropbox infrastructure (which is a considerable question of its own), the security model for this is comple

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Ben Scott
B. [3] http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/ -- Ben

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Andrew S. Baker
ore risks than if you weren't. Feel free to suggest an authentication mechanism that would withstand the initial premise of "your machine is exposed such that your config.db is stolen". Several of the comments, particularly those by alec muffett<http://blogs.computerworlduk.com/unscre

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Kurt Buff
om you share the dropbox. Without authentication, any compromised machine can emit the config, and you'll have no way of knowing it. It gets worse when you consider that other clients for it are available, including clients that run on hosts for which there are few or no effective anti-malwar

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread S Powell
again, if someone has access to your config.db you have MUCH larger problems than access to your dropbox. - Who'd you rather be, the Beatles or the Rolling Stones? On Wed, Apr 13, 2011 at 10:14, Kurt Buff wrote: > On Tue, Apr 12, 2011 at 22:39, Angus Scott-Fleming > wrote

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Kurt Buff
On Tue, Apr 12, 2011 at 22:39, Angus Scott-Fleming wrote: > WTF were they thinking? You assume facts which are not in evidence. Kurt

Re: OT: Dropbox authentication: insecure by design

2011-04-13 Thread Rene de Haas
ollows = > Dropbox authentication: insecure by design > >... > >After some testing (modification of data within the config table, etc) > it >became clear that the Dropbox client uses only the host_id to >authenticate. Here's the problem: the config.db fil

OT: Dropbox authentication: insecure by design

2011-04-12 Thread Angus Scott-Fleming
Don't know if any of you (or your clients) use Dropbox (I do), but if you do, you should probably read this and pass it on: = Included Stuff Follows = Dropbox authentication: insecure by design ... After some testing (modification of data within the c

RE: Certificate Authentication with VPNs

2011-03-21 Thread Ken Schaefer
: NT System Admin Issues Subject: Certificate Authentication with VPNs We are currently looking to deploy an L2TP/IPSEC VPN server using RRAS in 2008 R2 with the following goals: * Two factor authentication * A protocol and Authentication method that is supported on apple

Certificate Authentication with VPNs

2011-03-21 Thread Todd Arnett
We are currently looking to deploy an L2TP/IPSEC VPN server using RRAS in 2008 R2 with the following goals: * Two factor authentication * A protocol and Authentication method that is supported on apple products, particularly iPads (I know, *deep sigh*) * Some type of

RE: multi-factor authentication

2011-02-10 Thread Zvonimir Bilic
lti-factor authentication I haven't used it, but I like the concept. I'm not sure the real vulnerabilities in call forwarding, lost mobile phones, etc that might mitigate the security this adds, but I think it's a good direction to research. What is cost for enterprise type implem

Re: multi-factor authentication

2011-02-08 Thread S Powell
:22 AM, Zvonimir Bilic >> wrote: >> >>> Hello, >>> Does anyone use http://www.phonefactor.com/ for multi-factor >>> authentication? >>> Any feedback, good or bad? >>> >>> Thanks >>> Zvonimir >>> >>>

Re: multi-factor authentication

2011-02-08 Thread Jonathan
e > phones, etc that might mitigate the security this adds, but I think it's a > good direction to research. > What is cost for enterprise type implementation ? > > On Tue, Feb 8, 2011 at 11:22 AM, Zvonimir Bilic wrote: > >> Hello, >> Does anyone use http://ww

Re: multi-factor authentication

2011-02-08 Thread Erik Goldoff
011 at 11:22 AM, Zvonimir Bilic wrote: > Hello, > Does anyone use http://www.phonefactor.com/ for multi-factor > authentication? > Any feedback, good or bad? > > Thanks > Zvonimir

multi-factor authentication

2011-02-08 Thread Zvonimir Bilic
Hello, Does anyone use http://www.phonefactor.com/ for multi-factor authentication? Any feedback, good or bad? Thanks Zvonimir

OT: Blackberry 5.x with AD authentication

2011-02-02 Thread Tom Miller
Folks, I recently upgraded my BES 4.1.7 to 5 SP1 MR1 on new hardware. AD authentication does not work except for the accounts I added when I installed the software. Lots about this on the web but I have not been able to resolve this. I've already called support and have an open

RE: Authentication

2010-11-04 Thread Jim Dandy
...@asmail.ucdavis.edu] Sent: Monday, November 01, 2010 1:48 PM To: NT System Admin Issues Subject: Authentication I just created an AD 2008 forest for my church. Most of the computers there are XP Home edition. I have created domain accounts in the AD forest with the same user name and password as they have

Re: Authentication

2010-11-02 Thread James Rankin
ssword as they have on their XP Home system. > Most of them can use domain resources without any authentication to the > server. They just log on to their computer and it works. There are two > computers where this is not the case. After logging on to XP, if they click > Start | Run an

RE: Authentication

2010-11-01 Thread Carl Houseman
b click "Manage passwords." Carl From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Monday, November 01, 2010 4:48 PM To: NT System Admin Issues Subject: Authentication I just created an AD 2008 forest for my church. Most of the computers there are XP Home edition. I have c

RE: Authentication

2010-11-01 Thread Jim Dandy
h the domain and the local machine. I'm using the AD integrated DNS. Curt From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, November 01, 2010 1:56 PM To: NT System Admin Issues Subject: Re: Authentication What's different about the machines where this isn'

Re: Authentication

2010-11-01 Thread Andrew S. Baker
Most of them can use domain resources without any authentication to the > server. They just log on to their computer and it works. There are two > computers where this is not the case. After logging on to XP, if they click > Start | Run and type in \\server it prompts for a username and password

Authentication

2010-11-01 Thread Jim Dandy
I just created an AD 2008 forest for my church. Most of the computers there are XP Home edition. I have created domain accounts in the AD forest with the same user name and password as they have on their XP Home system. Most of them can use domain resources without any authentication to the

Re: Biometric AD authentication

2010-09-16 Thread Don Ely
metric method, but > its usually the most accepted method. Agree that is can be forged, but it > does take some work. > > > > We all know passwords aren’t going to “cut it” but is the value of the > assets you are trying to protect worth the increase controls and >

RE: Biometric AD authentication

2010-09-16 Thread Steven M. Caesare
Or incendiary rounds. Hence, my love for it. -sc > -Original Message- > From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] > Sent: Wednesday, September 15, 2010 4:21 PM > To: NT System Admin Issues > Subject: RE: Biometric AD authentication > > Just about everythin

Re: Biometric AD authentication

2010-09-16 Thread James Rankin
It's already happening, not just in films http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm On 15 September 2010 23:05, Phillip Partipilo wrote: > Biometric authentication has bigger problems than gummy bears… Did you > see the retina scan in the movie Demolition Man? > >

RE: Biometric AD authentication

2010-09-16 Thread Ziots, Edward
th the increase controls and authentication that biometrics bring? Retina/Iris Scans are not well received as a biometric method but are highly accurate and almost impossible to force (unless you want to rip someone's eyeball out of their socket and replace yours) (Brings back Tom Crui

RE: Biometric AD authentication

2010-09-15 Thread Ken Schaefer
provides a cert + PIN solution. Cheers Ken From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Thursday, 16 September 2010 4:18 AM To: NT System Admin Issues Subject: RE: Biometric AD authentication I do understand that this is "relatively" easily fooled, but smart cards are not an

RE: Biometric AD authentication

2010-09-15 Thread Phillip Partipilo
Biometric authentication has bigger problems than gummy bears... Did you see the retina scan in the movie Demolition Man? Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Wednesday, September 15, 2010 4:18 PM

Re: Biometric AD authentication

2010-09-15 Thread Richard Stovall
o:* NT System Admin Issues > *Subject:* RE: Biometric AD authentication > > > > Fingerprint as an auth method is passé. It’s easily forged. I’m pretty sure > Secunia published a study about that last year, finding that it didn’t > matter if your reader was $25 or $500 – they were eas

RE: Biometric AD authentication

2010-09-15 Thread Joseph Heaton
ssues Subject: Re: Biometric AD authentication Wasn't that one on Mythbusters? From: Steven M. Caesare <mailto:scaes...@caesare.com> Sent: Wednesday, September 15, 2010 11:09 AM To: NT System Admin Issues <mailto:ntsysadmin@lyris.sunbelt-software.com> Subject: R

RE: Biometric AD authentication

2010-09-15 Thread Jim Holmgren
ael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, September 15, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication Fingerprint as an auth method is passé. It's easily forged. I'm pretty sure Secunia published a study about that last year, fin

RE: Biometric AD authentication

2010-09-15 Thread Miller, Michael
haha probably! From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Wednesday, September 15, 2010 3:49 PM To: NT System Admin Issues Subject: Re: Biometric AD authentication "I thought that the new ones weren't able to be forged with gummy bears..?" Is that on their Mark

RE: Biometric AD authentication

2010-09-15 Thread Don Guyer
From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Wednesday, September 15, 2010 3:49 PM To: NT System Admin Issues Subject: Re: Biometric AD authentication "I thought that the new ones weren't able to be forged with gummy bears..?" Is that on their Marketing brochure

Re: Biometric AD authentication

2010-09-15 Thread Sean Martin
weren’t able to be forged with gummy bears..? > > > > I can’t say for sure, I am not able to look it up at the moment. > > > > *From:* Steven M. Caesare [mailto:scaes...@caesare.com] > *Sent:* Wednesday, September 15, 2010 3:24 PM > > *To:* NT System Admin Issues >

RE: Biometric AD authentication

2010-09-15 Thread Miller, Michael
ometric AD authentication No, that one involved C4. -sc From: James Winzenz [mailto:james.winz...@hotmail.com] Sent: Wednesday, September 15, 2010 2:35 PM To: NT System Admin Issues Subject: Re: Biometric AD authentication Wasn't that one on Mythbusters? From: Steven M. Caesare<mailto:scaes...

RE: Biometric AD authentication

2010-09-15 Thread Steven M. Caesare
No, that one involved C4. -sc From: James Winzenz [mailto:james.winz...@hotmail.com] Sent: Wednesday, September 15, 2010 2:35 PM To: NT System Admin Issues Subject: Re: Biometric AD authentication Wasn't that one on Mythbusters? From: Steven M. Caesare <mailto:scaes...@cae

RE: Biometric AD authentication

2010-09-15 Thread John Aldrich
IIRC, the expensive stuff was easier to fool than the inexpensive stuff... :-) From: Mayo, Bill [mailto:bem...@pittcountync.gov] Sent: Wednesday, September 15, 2010 2:37 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication Yep.  They were able to fool it pretty easily

RE: Biometric AD authentication

2010-09-15 Thread John Aldrich
-) From: James Winzenz [mailto:james.winz...@hotmail.com] Sent: Wednesday, September 15, 2010 2:35 PM To: NT System Admin Issues Subject: Re: Biometric AD authentication Wasn't that one on Mythbusters? From: Steven M. Caesare Sent: Wednesday, September 15, 2010 11:09 AM To: NT System Admin Iss

RE: Biometric AD authentication

2010-09-15 Thread Mayo, Bill
Yep. They were able to fool it pretty easily. From: James Winzenz [mailto:james.winz...@hotmail.com] Sent: Wednesday, September 15, 2010 2:35 PM To: NT System Admin Issues Subject: Re: Biometric AD authentication Wasn't that one on Mythbusters? From: S

Re: Biometric AD authentication

2010-09-15 Thread James Winzenz
Wasn't that one on Mythbusters? From: Steven M. Caesare Sent: Wednesday, September 15, 2010 11:09 AM To: NT System Admin Issues Subject: RE: Biometric AD authentication One of the exploits involved a Gummi Bear, IIRC. -sc From: Michael B.

RE: Biometric AD authentication

2010-09-15 Thread Steven M. Caesare
One of the exploits involved a Gummi Bear, IIRC. -sc From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, September 15, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication Fingerprint as an auth method is passé. It's easily forged

RE: Biometric AD authentication

2010-09-15 Thread Osborne, Richard
users from having to remember multiple passwords. From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Wednesday, September 15, 2010 12:53 PM To: NT System Admin Issues Subject: Biometric AD authentication Greetings, I've been tasked with coming up with some solutions for biometr

RE: Biometric AD authentication

2010-09-15 Thread Michael B. Smith
chael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Wednesday, September 15, 2010 12:53 PM To: NT System Admin Issues Subject: Biometric AD authentication Greetings, I've been tasked with coming up with s

Biometric AD authentication

2010-09-15 Thread Jim Holmgren
Greetings, I've been tasked with coming up with some solutions for biometric AD authentication. Quick background: We are in the healthcare field and will be providing tablet PCs to some of our practitioners. We have been going around about how to provide authentication to these folks

RE: Wireless Machine Authentication

2010-08-20 Thread Malcolm Reitz
the PCs you want to that group. Make sure the wireless 802.1x configuration on the PCs is set properly so the authentication mode is "user or computer". That should do it. -Malcolm From: Kelsey, John [mailto:jckel...@drmc.org] Sent: Friday, August 20, 2010 09:07 To: NT System Ad

Re: Wireless Machine Authentication

2010-08-20 Thread Jeff Steward
achine. Do I > need to create a machine certificate for each individual machine? Then map > that same cert to the computer AD account? > > > > *From:* Malcolm Reitz [mailto:malcolm.re...@live.com] > *Sent:* Monday, August 02, 2010 11:12 AM > *To:* NT System Admin I

RE: Wireless Machine Authentication

2010-08-20 Thread Kelsey, John
AD account? From: Malcolm Reitz [mailto:malcolm.re...@live.com] Sent: Monday, August 02, 2010 11:12 AM To: NT System Admin Issues Subject: RE: Wireless Machine Authentication We used the machine AD credentials, as that is the path of least resistance. It is a pretty simple GPO configuration to set

Re: FYI: SERVICE needs Impersonate a client after authentication

2010-08-05 Thread Andrew S. Baker
om/AndrewBaker> *Exploiting Technology for Business Advantage...* On Thu, Aug 5, 2010 at 11:38 AM, Ben Scott wrote: > On Wed, Aug 4, 2010 at 9:01 PM, Andrew S. Baker wrote: > >> "Impersonate a client

Re: FYI: SERVICE needs Impersonate a client after authentication

2010-08-05 Thread Ben Scott
On Wed, Aug 4, 2010 at 9:01 PM, Andrew S. Baker wrote: >> "Impersonate a client after authentication" ... do not remove >> the "SERVICE" Special Identity ... > > What would cause them to desire the removal of that functionality? Because "Impersonate&
