How To Avoid Password Window in WIN XP?????? - Page 4
Page 4 of 6 FirstFirst ... 23456 LastLast
Results 31 to 40 of 54

Thread: How To Avoid Password Window in WIN XP??????

  1. #31
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Personally, I have no issues with my guests looking through the data on my machines. Because if you are my guest and have that access to my house when I am not around then we have a transitive respect and trust.
    To each his own then.............

    I have my personal documents, budget and some financial data on my machine.....I dont want people to know that much about me......I strive for some illusion of privacy in my home....

    Personally ...I dont want anyone to just happen to stumble over it....

    Having no password is like leaving your house or car unlocked.....

    IMHO....as always

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  2. #32
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by brokencrow
    Yup, seen that happen...



    Ultimately, that's all computer security is...a deterrent. And manual logons are obviously a valid deterrent considering their widespread use on corporate networks.

    I stand by my original statement: automatic logons are the lazy man's way to get hacked (or whatever you want to call compromising a computer).
    We're not talking about corporate machines, we're talking home computers.. Auto-login would be stupid in a corporate environment but it's fine in a home situtation.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #33
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by HTRegz
    We're not talking about corporate machines, we're talking home computers.. Auto-login would be stupid in a corporate environment but it's fine in a home situtation.

    Hmm.. so what about EFS encryption then? If you just allow anybody access to the machine it makes EFS pointless... Of course you can always knoppix the sam database and change a password and allow yourself to login, but there will be evidence of this occuring on the machine. Having logins does give you more accountability on the system and more ability to track what happens.. Actually.. I just checked into this, and if you reset the password with tools like the ultimate boot cd you still won't have access to EFS encrypted files..

    On my home machine that is very important.. Even if you put the original sam database back and delete all of the log files I still know that somebody was on my machine doing something, where as with an open login I may not know at all that somebody else was on the machine. Add to that the extra protection with EFS and I see a lot of value in using logins on home machines.


    Oh.. and since you are the one being nitpicky here.. Your statement "auto-login would e stupid in a corporate environment." Is not really accurate either.. I've worked in several call centers where every machine had an open login. But it didn't matter because there was nothing stored on the local machine. The auto login only had access to run two or three programs and each one of those programs required a login. So perfect example of where an auto-login makes perfect sense in a corporate environment...

    But no matter what... This is a pointless argument and I'm suprised it has gone on this long..

  4. #34
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by mohaughn
    Hmm.. so what about EFS encryption then? If you just allow anybody access to the machine it makes EFS pointless... Of course you can always knoppix the sam database and change a password and allow yourself to login, but there will be evidence of this occuring on the machine. Having logins does give you more accountability on the system and more ability to track what happens.. Actually.. I just checked into this, and if you reset the password with tools like the ultimate boot cd you still won't have access to EFS encrypted files..

    On my home machine that is very important.. Even if you put the original sam database back and delete all of the log files I still know that somebody was on my machine doing something, where as with an open login I may not know at all that somebody else was on the machine. Add to that the extra protection with EFS and I see a lot of value in using logins on home machines.
    What if you don't use EFS but say TrueCrypt... I see EFS like the built in *nix Encrypted drive...I'm not a big fan of them.. I prefer third party software for it... It does allow more accountability... but I don't see a need for that in a home environment...

    PCs used for Corporate work shouldn't be available to other people... and corporate policy should prevent personal computers from accessing the VPN... I believe Tiger is an example.. he has a seperate machine (from what I've read) strictly for his work... his personal machine is seperate...

    I just don't see that level of mistrust... I see reason for profiles... but I don't consider it as big of a risk as brokencrow has made it out to be.. it's not MORE risk than Physical Access itself..
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #35
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by HTRegz
    What if you don't use EFS but say TrueCrypt... I see EFS like the built in *nix Encrypted drive...I'm not a big fan of them.. I prefer third party software for it... It does allow more accountability... but I don't see a need for that in a home environment...

    PCs used for Corporate work shouldn't be available to other people... and corporate policy should prevent personal computers from accessing the VPN... I believe Tiger is an example.. he has a seperate machine (from what I've read) strictly for his work... his personal machine is seperate...

    I just don't see that level of mistrust... I see reason for profiles... but I don't consider it as big of a risk as brokencrow has made it out to be.. it's not MORE risk than Physical Access itself..
    and
    a Stolen Computer is a Stolen Computer... regardless of physical security it could be stolen... so if it's stolen... even if you don't have auto login... the person will get the Data if they want it... or wipe it and start fresh... So Autologin doesn't help them... If they want in, they'll get in... Put the hard drive as a secondary in another machine...
    Kind of changing the point when I give you a great reason to use logins on home machines eh? You were saying it is pointless.. And I gave you a reason why it is not pointless.

  6. #36
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    PCs used for Corporate work shouldn't be available to other people... and corporate policy should prevent personal computers from accessing the VPN... I believe Tiger is an example.. he has a seperate machine (from what I've read) strictly for his work... his personal machine is seperate...
    So do you think Tiger auto logs in on his personal machine.....IM everyso HO...I highly doubt it

    The kids use my laptop....once in a while...cause its portable.....I have profiles setup...and they have no access to my profile....it is my personal machine.....that I sometimes will use for work...........if needed

    Anyway....like I said...most people are not that computer savy....

    I think the password is a basic security tool....and should be used on home machines...

    Educate the masses

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #37
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by mohaughn
    and

    Kind of changing the point when I give you a great reason to use logins on home machines eh? You were saying it is pointless.. And I gave you a reason why it is not pointless.
    Once again.... I'm not saying Auto Login is pointless I'm arguing BrokenCrows one comment.. why does no one see this... it's a very simple statement... and it's an incorrect statement.

    MLF: I'm not saying Tiger uses AutoLogin... I'm saying he has a separate work machine... which is how it should be... I'm saying that people who say Auto Login is useless because of their VPNs are wrong.. they shouldn't have their VPNs on a machine that anyone else uses... That should be a violation of corporate policy..

    There's a difference between using a password and a password that makes no difference in the end.. A login password in a home environment makes no difference when it comes to being "hacked"... It may provide additional accountability... It make keep users files seperate... but those can all be bypassed.. It all comes down to the fact that Physical Access = Loss of Security.... auto login doesn't affect that... Disabling Auto Login is nothing more than security through obscurity something that members of this site so frequently speak out against... I've spoken with people in the office about this.. they all see it.. I'm confused that no one on this site can see that and the logic in it... That they think auto Login is some evil thing... it makes no sense.

    Anyway....like I said...most people are not that computer savy....
    This comment alone identifies it as security through obscurity... It's like saying most people aren't computer saavy enough to exploit my computer so I don't need to update... Most people aren't computer saavy enough to remotely access my machine so I don't need a firewall... Normally you would all be speaking out against Security through Obscurity but suddenly you all change your tone and support it?
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #38
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Allow me to chime in, everyone? Thanks

    Your statement "auto-login would be stupid in a corporate environment." Is not really accurate either..
    You aren't really serious.. are you? Then you say there are plenty of systems with auto-login but it doesn't matter because nothing is really on those machines at the time anyways.. I'd hate to work in your office and be someone with malicious or rude intent, no? Not to mention, 9 out of 10 corporate systems in the workplace HAVE atleast SOMETHING of value on those systems.. Using auto-login in corporate environments is EXTREMELY stupid.. foolhardy, really. That's putting too much trust in your fellow employees, etc.. and not use it at home?! ****, I trust those around my house more than I trust those at work, LMAO..

    Oh, and to say, "Well, most people aren't tech savvy enough for this, that, and the other".. Lemme tell you something, that is a commercialized ignorant way to think.. HT speaks for me in saying, "Oh, so lets not update our software/etc and have firewalls, etc etc.."

    Blahh.. horsehockey..

    Ahh, and MLF: No offense, but if I was one of your children.. and I REALLY wanted to get into your system.. I would. Kids aren't that stupid..

    If I had your system in front of me, auto-login or not I'd get in..
    No one said that ^ however that's what HTRegz is saying.. and that's 100% accurate, end of discussion.. auto-login in the home environment isn't that big of a deal, especially when you have physical security, etc etc..
    Space For Rent.. =]

  9. #39
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Ahh, and MLF: No offense, but if I was one of your children.. and I REALLY wanted to get into your system.. I would. Kids aren't that stupid..
    I in no way said my kids are stupid......an yes my policy at home will have to adjusted when they get older.

    I am just saying by using profiles and passwords.....I keep my kids outta my email and documents....it is a detterent...and I in no way say that is the end all and be all of security

    I also cant see how this relates to my updating my machines....because I have a username passord policy on my systems at home...I dont update my machines.......

    Thats stupid

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #40
    Senior Member
    Join Date
    Feb 2004
    Posts
    373
    I've spoken with people in the office about this.. they all see it.. I'm confused that no one on this site can see that and the logic in it... That they think auto Login is some evil thing... it makes no sense.
    As morganlefay stated, concerning her situation, she knows her children better than you or your ofiice mates. If you cannot see the situation that she is in, and understand how she has taken steps to secure her data, well then, you should start thinking outside of the box you are stuck in.
    Maybe when you have children you will handle this differently, fine, but not everyone will do it your way just because you said so.
    And if you are really confused by morganlefay using common sense, then I feel sorry for your employer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides