> -----Original Message----- > From: phiber2001 [mailto:[EMAIL PROTECTED]] > Sent: Saturday, October 27, 2001 11:51 AM > To: [EMAIL PROTECTED] > Subject: W2k Blues > > > We have this W2k (Professional) and want to by-pass the login > window. It > has all the guest/ default accounts disabled and has only 7 > accounts for 7 > users. What are the various ways we can penetrate this pc > with or without > gaining Administrative access? Can any user (other than > admin) get the > password file and brute force it to crack the password? > You can't bypass the login screen, you have to have a user account and password to gain access. The best way to prevent Admin level access is to go into the Computer Management portion of the MMC and choose the Local Users and Groups function and create a standard user there. Anyone that can get to the SAM can use a brute force cracker on it. They can copy it to another PC and use brute force attack software on it.
> Also we want to setup IIS/ FTP/ SSH/ SMTP, POP etc and want > to test them. > Is it a good idea to switch from Professional to Advanced Server for > installing all these? We don't have any domain name > registered and have 1 > NIC attached to this PC; is it possible to dummy test all > these in pc as > localhost? Should we buy consider upgrading to Adv. Server? You can run the versions of IIS, etc. on the 2K Pro PC and test against it. You don't have to go to Adv. Server, you could always just go to Server. You can just access the box via the local net by it's IP address. You might even be able to access it via a host header. Robert Clark MCSE, MCP+I, MCP, A+ MIS - Texas Cellular
