Connecting to the internet through startup group policy

[BULLET]

I know there's a lot of MS haters out there, so serious contributions only please!

I have a Win2K Professional (SP2) box with a USB cable connection to the internet (ADSL). I need to be able to remotely access this box. I don't have a fixed IP, so whenever I need remote access I have to logon, grab the IP address and then lock the workstation. This became such a hassle that I looked into a simpler method and came up with this:

1.Setup a group policy through MMC which connects to the internet during startup using rasdial.exe.

2.Run a windows script file at startup (again as a group policy) that grabs my IP and ftp's it to www.mysite.com/dir/ in the form of a cgi redirect to the correct port that the remote control software is listening on.

3.Set the following reg key so that even if I logoff, the connection stays live:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\KeepRASConnections:REG_SZ:1

Are there any glaring security holes in this approach? My firewall runs as a service, so I should be covered, right?? Is anybody doing anything similar?

[petemcevoy]

Any experience i've had with usb adsl modems its had a static ip address, afaik its the adsl routers that have a dynamic address.

[knightmb]

http://www.dyndns.org/

You can register a free account. Once you have that, you can update a dynamic IP with their service. The site also has a lot of tools that will do this for you. I used this in the past, it worked great until I finally bought a static IP address from my DSL provider. But you can register an address like mymachine.dyndns.org and the IP will always stay with the machine, even if it changes. It's kind of hard to explain, visit the site they explain it in much more detail. This might be an easier solution, as far as security start with turning off NetBIOS over TCP in your network TCP/IP properties for the WAN connection in Win2k. Gets rid of the port 139 thing that hackers love so much I noticed a while back that it was ON by default, doh!! What was Micro$oft thinking when they went to sleep on a big pile of money

[Negative]

as far as security start with turning off NetBIOS over TCP in your network TCP/IP properties for the WAN connection in Win2k. Gets rid of the port 139 thing that hackers love so much I noticed a while back that it was ON by default, doh!! What was Micro$oft thinking when they went to sleep on a big pile of money

As I explained before:

NetBEUI can come in quite handy if you want to 'file and print-share':

It's explained here! .

[knightmb]

Excellent info Negative.

I think he just wants to access it remotely with some other 3rd party program? I'm not clear on that yet?

Bullet: What do you mean by remotely access? Like file/print sharing or 3rd party programs like pcAnywhere?

[BULLET]

Yes knightmb I need complete remote control access using 3rd party software like PcAnywhere.

[petemcevoy]

Funk proxy is your friend, which you can find here

Not aware of any exploits specifically for this but you should be careful anyways.

Pete