Anyone use usb logon keys?

microsoft.public.windows.server.security - Supporting MS Windows network? Read here before it's too late! 

Subject Author Date Anyone use usb logon keys? <churchmouse 12-14-2005  Re: Anyone use usb logon keys? Vanguard 12-14-2005  Re: Anyone use usb logon keys? Paul Adare 12-15-2005  Re: Anyone use usb logon keys? G3Sys 12-15-2005  Re: Anyone use usb logon keys? <churchmouse 12-15-2005  Re: Anyone use usb logon keys? Vanguard 12-15-2005  Re: Anyone use usb logon keys? <churchmouse 12-17-2005  Re: Anyone use usb logon keys? <churchmouse 12-15-2005  Re: Anyone use usb logon keys? Roger Abell [MV... 12-21-2005  Re: Anyone use usb logon keys? <churchmouse 12-15-2005  Re: Anyone use usb logon keys? G3Sys 12-16-2005  Re: Anyone use usb logon keys? <churchmouse 12-17-2005  Re: Anyone use usb logon keys? Kerry Brown 12-15-2005  Re: Anyone use usb logon keys? <churchmouse 12-17-2005  Re: Anyone use usb logon keys? Kerry Brown 12-17-2005  Re: Anyone use usb logon keys? <churchmouse 12-17-2005  Re: Anyone use usb logon keys? Will 12-22-2005  Re: Anyone use usb logon keys? Paul Adare 12-22-2005  Re: Anyone use usb logon keys? Will 12-22-2005  Re: Anyone use usb logon keys? Paul Adare 12-22-2005  Re: Anyone use usb logon keys? Will 12-22-2005  Re: Anyone use usb logon keys? S. Pidgorny 12-23-2005  Re: Anyone use usb logon keys? sali 12-24-2005  Re: Anyone use usb logon keys? Will 12-24-2005  Re: Anyone use usb logon keys? sali 12-25-2005  Re: Anyone use usb logon keys? Will 12-26-2005

Posted by <churchmouse on December 14, 2005, 2:09 pm Please log in for more thread options Anyone use or have seen the USB logon keys. I am considering them for use here and need feedback. We aren't a nuclear site or anything, We just have careless users who leave thier machine logged in all the time because they don't want to remember thier strong password. These keys would fix that. Advice and counsel? Posted by Vanguard on December 14, 2005, 7:56 pm Please log in for more thread options show/hide quoted text > Anyone use or have seen the USB logon keys. I am considering them for use > here and need feedback. We aren't a nuclear site or anything, We just have > careless users who leave thier machine logged in all the time because they > don't want to remember thier strong password. These keys would fix that. > Advice and counsel? And how do USB keys that have the password recorded on them improve security or force logoffs? The users will just leave the USB stick in the USB port all the time. That means they will still always be logged in. That also means that anyone can come along and grab the USB stick, copy its contents, and [maybe] return it to hide that they stole the password. As far as logging them off, why are you pushing a policy which has them forced off after so many minutes of inactivity? Posted by Paul Adare on December 15, 2005, 3:43 am Please log in for more thread options microsoft.public.windows.server.security news group, Vanguard show/hide quoted text > And how do USB keys that have the password recorded on them improve security > or force logoffs? The users will just leave the USB stick in the USB port > all the time. That means they will still always be logged in. That also > means that anyone can come along and grab the USB stick, copy its contents, > and [maybe] return it to hide that they stole the password. As far as > logging them off, why are you pushing a policy which has them forced off > after so many minutes of inactivity? > The USB keys being referred to here are USB form factor smart cards (or some other type of two factor auth like RAS SecureID). They do not contain passwords and you cannot simply copy off the authentication mechanism. -- Paul Adare MVP - Windows - Virtual Machine http://www.identit.ca/blogs/paul/ "The English language, complete with irony, satire, and sarcasm, has survived for centuries without smileys. Only the new crop of modern computer geeks finds it impossible to detect a joke that is not clearly labeled as such." Ray Shea Posted by G3Sys on December 15, 2005, 11:30 am Please log in for more thread options Hi, You could enforce a Group Policy which automatically locks their machines after a set amount of time inactive (30 minutes?). They then need to re-enter the password to get back in. Kind of like logging on - but much quicker. Posted by <churchmouse on December 15, 2005, 3:06 pm Please log in for more thread options Yes but thats gonna tick them off more, if the key is on their car keys then they will take them home and also not leave thier keys laying around. A form of social engineering I suppose. show/hide quoted text > Hi, > You could enforce a Group Policy which automatically locks their > machines after a set amount of time inactive (30 minutes?). They then > need to re-enter the password to get back in. Kind of like logging on - > but much quicker. > Similar Threads Posted ipsec SA with manual keys July 19, 2006, 6:50 am Finding Product Keys July 16, 2007, 5:47 am How are derived the crypto keys used in SMB client and server Sign November 27, 2005, 3:41 pm Large amount of keys generated in Crypto\RSA\MachineKeys\ November 12, 2009, 5:51 am There are currently no logon servers available to service the logon request - how to fix this error? i get it when trying to access a share one hop away. April 12, 2007, 6:03 pm Workstations showing logon failures by users can still logon? November 27, 2007, 6:56 pm Re: There are currently no logon servers available to service the logon request - how to fix this error? January 29, 2009, 7:41 pm Re: There are currently no logon servers available to service the logon request - how to fix this error? November 3, 2009, 10:45 am There are currently no logon servers available to service the logon request March 30, 2009, 8:26 am Just one logon January 5, 2006, 11:56 am