Eliminate or Disable Unused Accounts
One common avenue that intruders use to attack Windows is to look for user accounts that are poorly secured. On business networks, an all-too-common mistake is to fail to remove a user account after an employee quits or is fired. If the account remains active and the password is unchanged, a disgruntled ex-worker can break into the computer and steal data or sabotage the system. The potential for damage is even worse if the former employee has remote access privileges that haven't been promptly revoked. To view the complete list of user accounts in Windows XP Professional or Windows 2000 Professional, open the Local Users And Groups snap-in from the Computer Management console (Control Panel, Administrative Tools, Computer Management).

TIP
--------------------------------------------------------------------------------

See the complete list

Don't rely on the abbreviated list of user accounts that appears when you open Control Panel and choose User Accounts (Windows XP) or Users And Passwords (Windows 2000). This list shows only accounts that are available for local logon. Other accounts, such as those created by a FrontPage-enabled Web server or a virtual private network (VPN) connection, are hidden.

Figure 2-8 shows the list of accounts on a computer running Windows XP Professional. To remove an account, right-click its entry in the Users list and choose Delete from the shortcut menu. To temporarily disable an account without removing its associated files and permissions, double-click its entry in the Users list and select the Account Is Disabled option on the General tab of the properties dialog box.


Figure 2-8. Use the Computer Management console to identify and eliminate unused accounts so that they can't be accessed by intruders.

Unfortunately, if you use Windows XP Home Edition, the Local Users And Groups option is missing from the Computer Management console, and trying to run it manually (either by adding the Local Users And Groups snap-in to an MMC console or entering the lusrmgr.msc command) produces only an error message. To work with the complete list of user accounts, try the net user command; you'll find full details in Disabling or Deleting User Accounts.
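The net user command mentioned above also lends itself to a quick audit for unused accounts. The following Python script is an added example, not part of the original text: it parses the report printed by `net user <name>` and lists accounts that are still active but have never logged on or have been idle too long. The sample reports and account names are constructed, and the US English date format and the 90-day idle threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed, abbreviated samples of `net user <name>` output (US English locale).
SAMPLE_REPORTS = {
    "jsmith": "User name                    jsmith\n"
              "Account active               Yes\n"
              "Last logon                   1/9/2003 4:41 PM\n",
    "mjones": "User name                    mjones\n"
              "Account active               Yes\n"
              "Last logon                   5/20/2003 10:05 AM\n",
    "oldvpn": "User name                    oldvpn\n"
              "Comment\n"
              "Account active               Yes\n"
              "Last logon                   Never\n",
    "temp1":  "User name                    temp1\n"
              "Account active               No\n"
              "Last logon                   11/2/2002 8:15 AM\n",
}
SAMPLE_NOW = datetime(2003, 6, 1)  # constructed "today" for the sample data


def parse_net_user(text):
    """Map each label in the report to its value ('' when the field is blank)."""
    fields = {}
    for line in text.splitlines():
        # Labels contain single spaces; two or more spaces separate label and value.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if parts[0]:
            fields[parts[0]] = parts[1] if len(parts) > 1 else ""
    return fields


def needs_review(fields, now, max_idle_days=90):
    """True for an enabled account that never logged on or has been idle too long."""
    if fields.get("Account active", "").lower() != "yes":
        return False  # already disabled, nothing to do
    last = fields.get("Last logon", "Never")
    if last in ("", "Never"):
        return True
    try:
        when = datetime.strptime(last, "%m/%d/%Y %I:%M %p")
    except ValueError:
        return True  # unexpected date format: flag for a manual check
    return now - when > timedelta(days=max_idle_days)


def audit(reports, now, max_idle_days=90):
    """Return the sorted names of accounts that should be disabled or deleted."""
    return sorted(name for name, text in reports.items()
                  if needs_review(parse_net_user(text), now, max_idle_days))


if __name__ == "__main__":
    for name in audit(SAMPLE_REPORTS, SAMPLE_NOW):
        print(f"review: {name}  (disable with: net user {name} /active:no)")
```

On a live system, replace the sample dictionary with the captured output of `net user <name>` for each account listed by `net user`.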
