Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Modifying default behaviour of MS VPN client

from [Raoul Armfield] Network Security [Permanent Link]
Subject: RE: Modifying default behaviour of MS VPN client
Date: Wed, 8 Dec 2004 15:01:02 -0500 
Not certain but would it have something to do with the Local Security
options - InteractiveLogon: Number of previous logons to cache?  Maybe if
you set that to 0 it will solve this problem.  Surely you can even fix this
through a group policy.

Raoul  

:-----Original Message-----
:From: Wozny, Scott (US - New York) [mailto:swozny@deloitte.com] 
:Sent: Wednesday, December 08, 2004 12:26 PM
:To: marco2; focus-ms@securityfocus.com
:Subject: RE: Modifying default behaviour of MS VPN client
:
:Yes it is.  With that checked, it still allows users to clear the
:username and password and have the client retrieve the login 
:credentials
:from the cache.  Also, we've made sure to uncheck 'automatically use my
:user name and password' to no effect.  It appears this just keeps the
:client from trying the login credentials by default, but still allows
:the user to clear their fields in the dialog which causes the client to
:go back to the cache.  Puzzling...  I think the solution (if there is
:one) will be something lower level in a registry key that will likely
:have a name like 'DontRetrieveLoginCredentialsFromCache=1' or something
:like that but my research into the MSKB hasn't yielded any such key.
:
:Any other suggestions would be greatly appreciated,
:
:Scott
:
:
:-----Original Message-----
:From: Marco Peretti [mailto:marcop@neovalens.com] On Behalf Of marco2
:Sent: Wednesday, December 08, 2004 12:05 PM
:To: Wozny, Scott (US - New York); focus-ms@securityfocus.com
:Subject: RE: Modifying default behaviour of MS VPN client
:
:
:Scott
:
:Is the option "Prompt for user name & password" in the Options tab
:checked?
:
:Cheers,
:
:Marco 
:
:-----Original Message-----
:From: Wozny, Scott (US - New York) [mailto:swozny@deloitte.com] 
:Sent: Wednesday, December 08, 2004 4:24 PM
:To: focus-ms@securityfocus.com
:Subject: Modifying default behaviour of MS VPN client
:
:I have a situation on my hands where users have no username 
:and password
:info in the MS VPN connection dialog but when they hit connect the
:client will use the username and password of the currently logged on
:user which grants them a successful authentication.  Anyone know how to
:disable this behaviour and require that the user explicitly enter their
:username and password in the connection dialog for each VPN connection?
:
:Thanks,
:
:Scott
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:This message (including any attachments) contains confidential
:information intended for a specific individual and purpose, and is
:protected by law.  If you are not the intended recipient, you should
:delete this message.  Any disclosure, copying, or distribution of this
:message, or the taking of any action based on it, is strictly
:prohibited.
:
:---------------------------------------------------------------
:---------
:---
:---------------------------------------------------------------
:---------
:---
:
:
:
:This message (including any attachments) contains confidential 
:information intended for a specific individual and purpose, 
:and is protected by law.  If you are not the intended 
:recipient, you should delete this message.  Any disclosure, 
:copying, or distribution of this message, or the taking of any 
:action based on it, is strictly prohibited.
:
:---------------------------------------------------------------
:------------
:---------------------------------------------------------------
:------------
:
:


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Modifying default behaviour of MS VPN client, Wozny, Scott (US - New York)
Next by Date:  Re: Modifying default behaviour of MS VPN client, Caeser Augustus
Previous by Thread:  RE: Modifying default behaviour of MS VPN client, Wozny, Scott (US - New York)
Next by Thread:  Re: Modifying default behaviour of MS VPN client, Caeser Augustus
Indexes:  [Date] [Thread] [Top] [All Lists]