Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Adding Users via Web Interface

from [Andy.Kitzke] Network Security [Permanent Link]
Subject: RE: Adding Users via Web Interface
Date: Wed, 12 Apr 2006 14:50:33 -0500 
As long as it's used in the right context, I don't see it being that
bad.  If it's on a server that's had its security evaluated, is fully
patched and isn't public to the internet I don't see a huge problem with
it.  The method for using the Windows ASP scripts to change the password
work quite well and when used with SSL only increase its security.  The
script is also limited in its scope with what it can do against AD.
Also the ASP scripts provided by Windows don't 'connect' to AD, they
only poll it and update it.

Andy Kitzke
Network Engineer
In-Sink-Erator
 

-----Original Message-----
From: James Harless [mailto:jharless@kidwellcompanies.com] 
Sent: Wednesday, April 12, 2006 9:19 AM
To: focus-ms@securityfocus.com
Subject: Re: Adding Users via Web Interface

Seems like an exceptionally bad idea to me.  Connecting a webserver to
AD so
frivolously seems like an invitation to evil-doing.


-- 
James Harless




On 4/11/06 7:24 PM, "Crawley, Jim" <Jim.Crawley@yrbrands.com> wrote:


I'm actually quite interested in seeing how this progresses as
well.  Right now we have a mixed network and it would be great to have

a

way for the end-user to change their own passwords both on the max and
on machines still connected to the netware network.


 



-----Original Message-----
From: Steveb@tshore.com [mailto:Steveb@tshore.com]
Sent: Wednesday, 12 April 2006 6:51 AM
To: kane@linkitsoftware.com; focus-ms@securityfocus.com
Subject: RE: Adding Users via Web Interface

Adam,

What's so hard about pressing <ctrl>+<alt>+<del> and clicking the

button

that says "Change Password"?  It seems like opening up a web browser

and

doing it at a web server is not only less secure but also quite a few
more steps!

Steve Bostedor
http://www.bozteck.com
Bozteck President

-----Original Message-----
From: Adam Kane [mailto:kane@linkitsoftware.com]
Sent: Tuesday, April 11, 2006 3:33 PM
To: focus-ms@securityfocus.com
Subject: Adding Users via Web Interface

Hi all,

Is there some kind of application I can install on my Windows 2000
Server IIS machine to allow changing of user passwords via web
interface?  This would be used on a LAN for non-savvy users (ie. sales
associates) to change passwords quickly to users on the win2k server
machine.

Any advice is appreciated.  Thanks!


Regards,

Adam Kane




------------------------------------------------------------------------

---


------------------------------------------------------------------------

---





------------------------------------------------------------------------

---


------------------------------------------------------------------------

---




------------------------------------------------------------------------
---



------------------------------------------------------------------------
---





------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Adding Users via Web Interface, l00t3r
Next by Date:  RE: Adding Users via Web Interface, mcclenbw
Previous by Thread:  RE: Adding Users via Web Interface, Luis Gutierrez
Next by Thread:  RE: Adding Users via Web Interface, mcclenbw
Indexes:  [Date] [Thread] [Top] [All Lists]