Desktop Security Practices

Andrea Tanner tanner at oakland.edu
Wed Sep 11 13:56:31 GMT 2002


We are reviewing our desktop security on Windows 2000 clients.
We are looking to make the following change to our Ghost image
template:

1.  Configure Windows 2000 desktops to not cache NT domain login
passwords

Our rationale is that with recent hacks getting past our anti-virus
software and
loading trojans, we would like to prevent the hacker to crack the
cached 
password file.

We are writing our business case at this time.  We would like to know
if
any of you folks have implemented this type of policy on your Windows
2000
desktops?  One roadblock is that if our NT domain goes down (rare)
people cannot
log into their computers.  This will also happen if a user has a local
network 
problem (ie, bad network card of cable).  That is our main reason to
see if any
of you folks have implemented this. 

What about laptops that faculty use at home and on your nework?  If
you have
implemented this policy, do you exclude laptops?

Thank you!

Andrea Tanner Zsigo               Manager, Helpdesk and Desktop
Applications
tanner at oakland.edu               IT Help Desk
217 DHE                               Oakland University
248-370-4555                         Rochester, MI, USA   



More information about the unisog mailing list