  • securing NETLOGON

    Hello everyone,
    I have a logon script placed in the sysvol/sysvol/..../scripts directory, which is the default directory for logon scripts, and I'm using Windows 2003 Server.
    Code:
    REM Jump to the block for the logged-on user; any other user exits with no mappings.
    IF /I "%USERNAME%"=="boss" GOTO 1
    IF /I "%USERNAME%"=="syst" GOTO 2
    IF /I "%USERNAME%"=="account" GOTO 3
    IF /I "%USERNAME%"=="administrator" GOTO 4
    EXIT

    REM boss
    :1
    net use N: \\172.17.100.206\private$\Account
    net use M: \\172.17.100.206\private$\Administ
    net use S: \\172.17.100.206\private$\system
    net use P: \\172.17.100.206\public$
    EXIT

    REM syst (EXIT added so this block does not run on into :3 and :4)
    :2
    net use S: \\172.17.100.206\private$\system
    net use P: \\172.17.100.206\public$
    EXIT

    REM account (EXIT added so this block does not run on into :4)
    :3
    net use N: \\172.17.100.206\private$\Account
    net use M: \\172.17.100.206\private$\Administ
    net use P: \\172.17.100.206\public$
    EXIT

    REM administrator
    :4
    net use P: \\172.17.100.206\public$
    EXIT
    So my security concern here is that everyone can view the script and figure out what's going on, so how do I secure my NETLOGON directory?
    I don't want to apply the script using GPO.
    Thank you in advance

  • #2
    Re: securing NETLOGON

    Question: Who cares if the users figure out what's going on? You're just mapping drives with the script.

    Question: Do you think the users have the knowledge to find the sysvol share, navigate through it to find the logon script, and open the logon script to view it?

    Comment: The Authenticated Users group needs read and list access permissions to the sysvol share and all its subfolders, otherwise your domain would not work.



    • #3
      Re: securing NETLOGON

      Moved to Windows 2003 forum.
      One recommendation: don't mess with the sysvol permissions.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: securing NETLOGON

        Thanks Dumber for moving the topic to the proper section.
        I was really puzzled where to put my post: scripting, security or windows2003 :~

        Isn't it a security concern... looking at the shared directory NETLOGON, everyone can find what the usernames are and how many hidden shares there are.

        And if I made the script folder hidden..... it won't work..
        So I had better stop messing with the NETLOGON folder, as mentioned by Dumber.

        Thank you



        • #5
          Re: securing NETLOGON

          There are tools out there which can convert a batch/vbs file to an exe file.
          I never used them but it might be worth giving it a shot.
          Marcel


          • #6
            Re: securing NETLOGON

            OMG, why didn't that idea come to my mind..
            Thank you very much.
            I will convert my batch script to .com or .exe using batch2exe or similar programs.
            Thanks once again
            omiz



            • #7
              Re: securing NETLOGON

              NTFS permissions can block access to the hidden shares anyway. Mapped drives will show their path, so end users can see the information in the GUI.
              cheers
              Andy

              Quis custodiet ipsos custodes?
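
Added example, not part of any post in this thread: a Python walk-through of what a world-readable logon script of this shape discloses (usernames and UNC targets) and which drives each user really gets, including fall-through when a block has no EXIT. The sample script, the host fs01, the share names and the usernames are constructed for illustration, and UNC paths containing spaces are not handled.

```python
import re

# Constructed sample shaped like the thread's script; host, shares and
# usernames are invented for this example.
SAMPLE = r"""
IF %USERNAME% == alice GOTO 1
IF %USERNAME% == bob GOTO 2
EXIT
:1
net use N: \\fs01\private$\Finance
net use P: \\fs01\public$
EXIT
:2
net use S: \\fs01\private$\Ops
:3
net use H: \\fs01\private$\HR
EXIT
"""

IF_RE = re.compile(r'IF\s+"?%USERNAME%"?\s*==\s*"?([^"\s]+)"?\s+GOTO\s+:?(\S+)', re.I)
USE_RE = re.compile(r'net\s+use\s+([A-Z]:)\s+(\\\\\S+)', re.I)

def find_label(lines, name, start):
    """cmd.exe looks for a label from the GOTO line downward, then wraps."""
    order = list(range(start + 1, len(lines))) + list(range(0, start + 1))
    for i in order:
        if lines[i].lower() == ":" + name.lower():
            return i
    return None

def mappings_for(script, user, max_steps=1000):
    """Follow the script as cmd.exe would for one user; return [(drive, unc)]."""
    lines = [l.strip() for l in script.splitlines() if l.strip()]
    pc, mapped = 0, []
    for _ in range(max_steps):            # guard against GOTO loops
        if pc is None or pc >= len(lines) or lines[pc].upper() == "EXIT":
            break
        m, u = IF_RE.match(lines[pc]), USE_RE.match(lines[pc])
        if m and m.group(1) == user:      # == is case-sensitive without /I
            pc = find_label(lines, m.group(2), pc)
            continue
        if u:
            mapped.append((u.group(1).upper(), u.group(2)))
        pc += 1                           # labels and non-matching IFs fall through
    return mapped

def disclosed(script):
    """What any reader of the script learns: usernames and UNC targets."""
    users = sorted(set(m.group(1) for m in IF_RE.finditer(script)))
    shares = sorted(set(m.group(2) for m in USE_RE.finditer(script)))
    return users, shares
```

In the sample, bob's block has no EXIT, so `mappings_for(SAMPLE, "bob")` also returns the H: mapping from the block below it. A mapped drive letter still grants nothing by itself; the share and NTFS permissions on each target decide access.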
