Posted by Joe Richards [MVP] on April 19, 2007, 11:31 am
You would have to go all the way back to the LANMAN and OS/2
documentation. Initially, prior to the concept of a "domain", this is how
all authentication communication between the machines was handled.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
John wrote:
> Can you explain to me more about the fact that it is by design? Can you
> point me to resources that explain this? Thanks in advance.
>
> "Joe Richards [MVP]" wrote:
>
>> It isn't an issue, it is by design and it isn't going to change.
>>
>> Use different passwords on the accounts if you don't want the admin on
>> one machine to access resources on another machine. It is bad security
>> practice to use identical passwords on multiple accounts anyway.
>>
>> John wrote:
>>> I have a Windows 2003 Active Directory environment. I have XP workstations
>>> and member servers with the local administrator account password set the
>>> same. I logged into the XP workstation as the local administrator. Then I
>>> was able to access all the administrative shares of the other workstations
>>> and member servers that have the same password. I would be able to UNC path
>>> to \\server\c$ without a domain authentication prompt. I remember this was an
>>> issue in the NT domain days when you could log on to other domains if
>>> the administrator account and passwords were the same. I checked another
>>> Windows 2003 AD as well as a 2000 AD and it still happened. Any ideas why
>>> and how to stop it?