[9317] in bugtraq
NT4 Locking (Was: ole objects in a "secured" environment?)
daemon@ATHENA.MIT.EDU (Tadek Knapik)
Wed Feb 3 01:37:40 1999
Mail-Followup-To: bugtraq@netspace.org
Date: Tue, 2 Feb 1999 11:00:04 +0100
Reply-To: Tadek Knapik <tadek@NAUTILUS.UWOJ.KRAKOW.PL>
From: Tadek Knapik <tadek@NAUTILUS.UWOJ.KRAKOW.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <249290D416B3D2119D660090273AEDD60137D4@houms1.awd.com>; from
Reed, David on Fri, Jan 29, 1999 at 10:21:51AM -0600
David Reed wrote:
> background:
>
> since all of the major security flaws in windows nt 4.0 have been discovered
> (who am i kidding? ;-), i'd like to point out a minor one... by way of a
> question: "should a secured workstation's 'unlock workstation' dialog be
> permitted to interact with the desktop?"
Much more interesting thing to me is the way it handles passwords.
I log on, change my own password with User Manager, and then give it
ctrl-alt-del combination, choosing Lock Workstation. Surprise, it doesn't
accept the actual pasword, it needs the old one, used while logging on.
Valid with SP3 as well as with SP4.
Once upon a time a Microsoft guy (suprised as I was at first:) tried
to explain this is the way it has to be as the 'Lock Workstation' cannot
interact with the desktop ;)
Sorry, if this was already mentioned/discussed here and I'm just
taking your time ;)
Sincerely,
Tadek Knapik
--
----------------------------------------------------------------------
| Tadek Knapik (TxF on #amigapl) // "Be yourself, no matter |
| tadek@nautilus.uwoj.krakow.pl \X/ what they say" - Sting |
----------------------------------------------------------------------
| I use an account provided by my employer; however, my employer in |
| no way endorses any action or statement of mine, unless stated so. |
----------------------------------------------------------------------
