Easy VPN Question
When I connect to a customers network through a vpn, does the customers domain admin account automatically get access to my hard disk drive ? or is the security automatically built into the vpn software to protect my pc ?
We use several vpn packages for different clients including Checkpoint, Cisco and Microsoft standard windows vpn
thanks
We use several vpn packages for different clients including Checkpoint, Cisco and Microsoft standard windows vpn
thanks
ASKER
Thanks, all the passwords are strong and the guest acct is turned off. But some PCs have "everyone - full control" enabled- would that allow their administrators to access our hard drives on a workgroup (non domain) XP PC ?
thanks
thanks
Nope.
'Everyone' means 'Everyone who can successfully authenticate to this machine' - so in this case, that should not include anyone you don't want it to.
'Everyone' means 'Everyone who can successfully authenticate to this machine' - so in this case, that should not include anyone you don't want it to.
No, "Authenticated Users" means 'Everyone who can successfully authenticate to this machine'. "Everyone" means "Everyone".
If your machine is joined to the customer's domain, then their "Domain Admins" will have whatever permissions on your machine that group is given. (I used to work in a company where I eventually provided all employees with a login script that re-added "Domain Admins" to their local "Administrators" group....)
If your machine is joined to the customer's domain, then their "Domain Admins" will have whatever permissions on your machine that group is given. (I used to work in a company where I eventually provided all employees with a login script that re-added "Domain Admins" to their local "Administrators" group....)
ASKER
OK got it I think
customerdomain\administrat
Presumably the vpn software wouldn't fire a logon script under my credentials as that would be a security compromise ?
customerdomain\administrat
Presumably the vpn software wouldn't fire a logon script under my credentials as that would be a security compromise ?
well, regardless, 'Everyone' does not mean that the domain admins will have any permissions to his XP machine that's in a workgroup - unless he's granted them permission explicitly (which is what he's concerned about). In this case, Everyone isn't truly 'Everyone'.
The main difference is that 'Everyone' includes 'Guest', which he's confirmed is disabled. Also, 'anonymous users' could do things like enumerate shares in previous OS versions, but that still wouldn't give them any resource access that isn't explicitly granted.
http://www.winnetmag.com/Web/Article/ArticleID/23581/23581.html
The main difference is that 'Everyone' includes 'Guest', which he's confirmed is disabled. Also, 'anonymous users' could do things like enumerate shares in previous OS versions, but that still wouldn't give them any resource access that isn't explicitly granted.
http://www.winnetmag.com/Web/Article/ArticleID/23581/23581.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks
no, it doesn't.
>or is the security automatically built into the vpn software to protect my pc ?
no, it isn't - you still have to make sure your PC is secure - don't leave Admin password blank, don't leave Guest account enabled, etc.