Results 1 to 7 of 7

Thread: Connecting to the internet through startup group policy

  1. #1
    Junior Member
    Join Date
    Jul 2001
    Posts
    3

    Connecting to the internet through startup group policy

    I know there's a lot of MS haters out there, so serious contributions only please!

    I have a Win2K Professional (SP2) box with a USB cable connection to the internet (ADSL). I need to be able to remotely access this box. I don't have a fixed IP, so whenever I need remote access I have to logon, grab the IP address and then lock the workstation. This became such a hassle that I looked into a simpler method and came up with this:

    1.Setup a group policy through MMC which connects to the internet during startup using rasdial.exe.

    2.Run a windows script file at startup (again as a group policy) that grabs my IP and ftp's it to www.mysite.com/dir/ in the form of a cgi redirect to the correct port that the remote control software is listening on.

    3.Set the following reg key so that even if I logoff, the connection stays live:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\KeepRASConnections:REG_SZ:1

    Are there any glaring security holes in this approach? My firewall runs as a service, so I should be covered, right?? Is anybody doing anything similar?

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    412

    Connecting to the internet through startup group policy

    Any experience i've had with usb adsl modems its had a static ip address, afaik its the adsl routers that have a dynamic address.

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    196
    http://www.dyndns.org/

    You can register a free account. Once you have that, you can update a dynamic IP with their service. The site also has a lot of tools that will do this for you. I used this in the past, it worked great until I finally bought a static IP address from my DSL provider. But you can register an address like mymachine.dyndns.org and the IP will always stay with the machine, even if it changes. It's kind of hard to explain, visit the site they explain it in much more detail. This might be an easier solution, as far as security start with turning off NetBIOS over TCP in your network TCP/IP properties for the WAN connection in Win2k. Gets rid of the port 139 thing that hackers love so much I noticed a while back that it was ON by default, doh!! What was Micro$oft thinking when they went to sleep on a big pile of money

  4. #4
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    as far as security start with turning off NetBIOS over TCP in your network TCP/IP properties for the WAN connection in Win2k. Gets rid of the port 139 thing that hackers love so much I noticed a while back that it was ON by default, doh!! What was Micro$oft thinking when they went to sleep on a big pile of money
    As I explained before:

    NetBEUI can come in quite handy if you want to 'file and print-share':

    It's explained here! .

  5. #5
    Senior Member
    Join Date
    Jul 2001
    Posts
    196

    Question

    Excellent info Negative.

    I think he just wants to access it remotely with some other 3rd party program? I'm not clear on that yet?

    Bullet: What do you mean by remotely access? Like file/print sharing or 3rd party programs like pcAnywhere?

  6. #6
    Junior Member
    Join Date
    Jul 2001
    Posts
    3
    Yes knightmb I need complete remote control access using 3rd party software like PcAnywhere.

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    412

    remote access software

    Funk proxy is your friend, which you can find here

    Not aware of any exploits specifically for this but you should be careful anyways.

    Pete

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •