Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Active Directory

from [Peter Smith] Network Security [Permanent Link]
Subject: RE: Active Directory
Date: Fri, 31 Aug 2007 08:45:45 +1000 


Ensure login is allow only the AD group "Authenticated users"


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Devin Rambo
Sent: Friday, 31 August 2007 12:20 AM
To: focus-ms@securityfocus.com
Subject: RE: Active Directory

Without having more detail, I would say that you could use a combination
of
user permissions and user-level group policy. It's hard to say more than
that without knowing exactly what it is that you want to restrict them
from
doing. As a rule, you should look to grant permissions/policies that
give
them the bare minimum they need to perform their job functions.

Devin

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On
Behalf Of wjbox1-guard@yahoo.com
Sent: Thursday, August 30, 2007 2:19 AM
To: focus-ms@securityfocus.com
Subject: Active Directory

What is the easiest way to lock an lower level administrator from using
the
PC via Active Directory? 


When disabling a computer what else can be done with out having to block
the
IP address or MAC to make sure the PC does not get on the network and or
changed the computer name?



******************************************************************************************************************************************************************
"This email (including all attachments) is confidential, may contain personal 
or legally privileged information and is intended solely for the named 
addressee. Confidentiality or privilege is not waived or lost because this 
email has been sent to you by mistake. If you have received it in error, please 
let us know by reply email, delete it from your system and destroy any copies.

This email is also subject to copyright. No part of it should be reproduced, 
adapted or communicated without the written consent of the copyright owner. Any 
personal information in this email must be handled in accordance with the 
Privacy Act 1988 (Cth).

Emails may be interfered with, may contain computer viruses or other defects 
and may not be successfully replicated on other systems. Pillar Administration 
makes no representations and gives no warranties in relation to these matters 
and does not accept liability for any loss or damage which may result from this 
email.

If you have any doubts about the authenticity of an email purportedly sent by 
Pillar Administration, please contact us immediately. "
******************************************************************************************************************************************************************
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Software smart-card emulation, Thor (Hammer of God)
Previous by Thread:  RE: Active Directory, Devin Rambo
Next by Thread:  SecurityFocus Microsoft Newsletter #357, rkeith
Indexes:  [Date] [Thread] [Top] [All Lists]