October 16th, 2005 12:36 PM
This thread puzzles me. First, you have someone using auto login and the word "secure" in the same sentence. Baaad.
Next, you have someone using the term "admin" auto login, which suggests that a local admin account may be used to auto login a user. Then you have the question asked about how to lockdown the host and make it more secure. Even if he is logging in AD user accounts, there are tons of issues with doing so.
I'm left puzzled. Why the hell would you use autologin in the first place? This means that *anyone* can boot that machine and have at your network. Let's not forget the very basic need of accountability. How will you know who did something if you're auto logging in clients?
This leads me to the simple answer to all of this. Fire the IT dept and hire someone capable of setting up and securing a domain properly. If you do this, end users will not be able to bypass anything. The answer seems overly simple to me.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
October 16th, 2005 04:02 PM
Agreed, autologin through the registry leaves the password of the account in question in plain text...not a good thing.
If you are trying to lock down apps, i recommend using active directory on the domain and setting a group policy that ONLY allows the execution of specific program you decide to allow.
I have seen windows 2000 achines that had wireless cards auto login, and the network was not detected before the network credentials were sent, this leaves you with a logged in cached account with no policies in place, someone could fireup regedit grab the password and be on there way.
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.