Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: pwdump 2 & 3
From: Barrie Dempster <barrie () reboot-robot net>
Date: Wed, 22 Dec 2004 10:34:44 +0000

On Thu, 2004-12-16 at 18:22 -0500, Chris Buechler wrote:
<snip>
Also, FYI, you can set this domain-wide in group policy if you have
Active Directory.  Under Computer Configuration, Windows Settings,
Local Policies, Security Options.  "Interactive logon: Number of
previous logons to cache (in case domain controller is not available)"
<snip>

Your laptops could be moved to a separate OU from your desktops (common
setup as GPO differs often between the two) then you could have all the
Desktop machines set to 0 and the laptops set to 1 - most laptops are
single user machines anyway.

This would give you the best of both, your laptop users would retain
their single profile and be able to access their machines whilst not
connected to the network and your Desktop machines wouldn't cache
credentials.

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]




Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault