Click here to get back home

Anyone use usb logon keys?

 HomeNewsGroups | Search

microsoft.public.windows.server.security - Supporting MS Windows network? Read here before it's too late! 

get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Anyone use usb logon keys? <churchmouse 12-14-2005
Posted by <churchmouse on December 14, 2005, 2:09 pm
Please log in for more thread options
Anyone use or have seen the USB logon keys. I am considering them for use
here and need feedback. We aren't a nuclear site or anything, We just have
careless users who leave thier machine logged in all the time because they
don't want to remember thier strong password. These keys would fix that.
Advice and counsel?



Posted by Vanguard on December 14, 2005, 7:56 pm
Please log in for more thread options
show/hide quoted text


And how do USB keys that have the password recorded on them improve security
or force logoffs? The users will just leave the USB stick in the USB port
all the time. That means they will still always be logged in. That also
means that anyone can come along and grab the USB stick, copy its contents,
and [maybe] return it to hide that they stole the password. As far as
logging them off, why are you pushing a policy which has them forced off
after so many minutes of inactivity?


Posted by Paul Adare on December 15, 2005, 3:43 am
Please log in for more thread options
microsoft.public.windows.server.security news group, Vanguard

show/hide quoted text

The USB keys being referred to here are USB form factor smart cards (or
some other type of two factor auth like RAS SecureID). They do not
contain passwords and you cannot simply copy off the authentication
mechanism.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

Posted by G3Sys on December 15, 2005, 11:30 am
Please log in for more thread options
Hi,

You could enforce a Group Policy which automatically locks their
machines after a set amount of time inactive (30 minutes?). They then
need to re-enter the password to get back in. Kind of like logging on -
but much quicker.


Posted by <churchmouse on December 15, 2005, 3:06 pm
Please log in for more thread options
Yes but thats gonna tick them off more, if the key is on their car keys then
they will take them home and also not leave thier keys laying around. A form
of social engineering I suppose.

show/hide quoted text



Similar ThreadsPosted
ipsec SA with manual keys July 19, 2006, 6:50 am
Finding Product Keys July 16, 2007, 5:47 am
How are derived the crypto keys used in SMB client and server Sign November 27, 2005, 3:41 pm
Large amount of keys generated in Crypto\RSA\MachineKeys\ November 12, 2009, 5:51 am
There are currently no logon servers available to service the logon request - how to fix this error? i get it when trying to access a share one hop away. April 12, 2007, 6:03 pm
Workstations showing logon failures by users can still logon? November 27, 2007, 6:56 pm
Re: There are currently no logon servers available to service the logon request - how to fix this error? January 29, 2009, 7:41 pm
Re: There are currently no logon servers available to service the logon request - how to fix this error? November 3, 2009, 10:45 am
There are currently no logon servers available to service the logon request March 30, 2009, 8:26 am
Just one logon January 5, 2006, 11:56 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Driving a better car - Fuelzilla.com

Cabling site for homeowners and pros alike - Cabling-Design.com

Friends:

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap
Privacy Policy