Comments on: Vista & Longhorn Server’s “Improved” Security

By: +longhorn +local +problem +server - Eniro

+longhorn +local +problem +server - Eniro — Mon, 29 Jan 2007 21:52:13 +0000

[...] Vista & Longhorn Server�s �Improved� Security at The NeoSmart Files [...]

By: Longhorn Server's Amazing Security » Netscape.com

Longhorn Server's Amazing Security » Netscape.com — Wed, 17 Jan 2007 05:46:20 +0000

[...] Story Discuss (0) (neosmart.net) 96 days ago by [...]

By: LUGOD: Reasons to avoid Microsoft

LUGOD: Reasons to avoid Microsoft — Tue, 12 Dec 2006 10:52:42 +0000

[...] Vista & Longhorn Server.s .Improved. Security (The NeoSmart Files, 2006.10.12) [If] an operating system doesn’t get more secure as it progresses and evolves, there is certainly something fishy going on. … So what’s the problem? Windows “Longhorn” Server is! While Windows Vista.s security has steadily improved build-by-build, and while Longhorn.s kernel and applications may be more secure, Windows Longhorn Server as a whole most certainly isn.t. Why? Because it never prompts you to set an Administrator password! [...]

By: bitbol: The Reader II

bitbol: The Reader II — Sun, 26 Nov 2006 15:21:21 +0000

[...] come to me through feeds, so if you have a great souorce, email me.Labels: The Reader Posted at 4:16 PM by mike Comments Because I got a series of spam posts, I don’t allow comments to be posted to theblog any more. If you would like to offer input, email me and if it has reasonable merit, I will add it to the post. Recent Posts » Students tested after sharing lancets » PS3-ebay mishaps » The hell-hole that is school » Bank of America in more trouble » Google hurting their own revenue » [Video] Smashing the PS3 » Gmail is a spammer » The Reader VII » Sony loses money on every PS3 » Icebergs heading to New Zealand Monthly Archives » August 2006 » September 2006 » October 2006 » November 2006 A little about me I am a sixteen year old, bisexual, high school teenager. My three biggest passions are: computers, photography, and biking. Computers are what I see as the future; so much of what is done now shapes what is going to happen tomorrow, even if it is our own demise. Photography is something that I have picked up in the past year, and have recently become somewhat serious about, but I’m still not anywhere near where I would like to be. Biking is the great activity that has consumed more than its share of my life. I have enjoyed biking all of my life, and I am thinking of taking it seriously enough to get a newer, race-capable bike. I don’t know where my future is going, but I think I can handle it.Email: spam.zaphod@gmail.com bitbol v1.5 Return to Top | Return to homepage var sc_project=1847423; var sc_invisible=1; var sc_partition=17; var sc_security=”3da2a953″; [...]

By: Vista & Longhorn Server’s “Improved” Security - never prompt to set an Administrator password! (reddit.com)

Thu, 26 Oct 2006 12:02:14 +0000

[...] Vista & Longhorn Server’s “Improved” Security - never prompt to set an Administrator password! (neosmart.net) [...]

By: Vista Server Secure? - HTMLforums � Free Webmaster HTML Help and Discussions

Vista Server Secure? - HTMLforums � Free Webmaster HTML Help and Discussions — Wed, 18 Oct 2006 03:03:35 +0000

[...] Vista Server Secure? Oops, Microsoft have done something wrong! http://neosmart.net/blog/archives/272 That’s just scary in my opinion - they’ve gone backwards! Windows vs Linux server? Not a question anymore __________________ →Visit my blog → Biotech! Biotech! Biotech…..is Godzilla! (( so was Bill Gates, but that was the old film, and he was an evil Godzilla… -_- [...]

By: ha.ckers.org web application security lab - Archive » IE7.0 is Coming

ha.ckers.org web application security lab - Archive » IE7.0 is Coming — Tue, 17 Oct 2006 20:19:16 +0000

[...] Speaking of IE7, I just read an article about Windows Longhorn Server’s complete disgusting security: http://neosmart.net/blog/archives/272 [...]

By: 15MinuteLockout

15MinuteLockout — Tue, 17 Oct 2006 13:12:03 +0000

Longhorn is messy for attended installation. If you think you’re done installing the server features/roles you want to use and logoff into you’re newly created AD_Admin account and try to log back into default admin, there is nothing you can do to get back in. The account gets disabled for login. I have read 90% of the documentation provided by Microsoft about Longhorn installation and configuration, having seen nothing mentioned about this, but it maybe contained in the last 10% that I haven’t read; or at least I hope.

By: BigBruin.Com Forum :: Windows Longhorn Server

BigBruin.Com Forum :: Windows Longhorn Server — Sun, 15 Oct 2006 17:00:17 +0000

[...] LMFAO @ MICROSOFT Just read this_________________ [...]

By: Computer Guru

Computer Guru — Sun, 15 Oct 2006 13:38:03 +0000

[quote comment="6476"]By default, the admin account is disabled. Did you even try using the account?[/quote]

That’s Vista you’re talking about.
This is Longhorn. Big difference. On LH, the only account is the default admin account.

By: Ole

Ole — Sun, 15 Oct 2006 13:32:53 +0000

By default, the admin account is disabled. Did you even try using the account?

By: Savadeep Speaks! » Why be a user of Windows on the server?

Savadeep Speaks! » Why be a user of Windows on the server? — Sun, 15 Oct 2006 01:12:26 +0000

[...] My word! It was of today that I was a reader of this most interesting article about the lackings of security in Windows Longhorn Server. The article, it is a raiser of some points of the utmost importance to server administrators about the passwording capabilities. But this thinking, it makes me wonder a many wonders. And but the biggest wonder is: why be a user of any type of Windows in a production server environments? [...]

By: Hendy Irawan

Hendy Irawan — Sat, 14 Oct 2006 03:33:31 +0000

Ubuntu Linux doesn’t “have” a root password.

You use sudo, which is something like Windows’s runas but a different way.

Instead of logged in as administrator using administrator’s password,
you decide which users can have temporarily elevated privileges as
administrators, then these users can be root at any time (when needed)
simply by using their own password.

I’d say this model is much more secure. You really don’t want to use
your own account that is listed under “Enterprise Admins” group and login
using that in a client computer… A very simple recipe for a complete disaster.

By: Computer Guru

Computer Guru — Fri, 13 Oct 2006 20:30:16 +0000

@Anon Emouse:
Yes, that’s true. But at the very least it’s an in-your-face kind of thing. Windows gives users the ability to decide to say no - it’s their right. But at the same time, the right thing to do is to make doubly sure someone that hasn’t had their morning (four) cup(s) of espresso and hasn’t slept for 48 hours straight doesn’t miss out on something as critical.

It’s security: don’t mess with it. Better safe than sorry.

@Wes: That is correct.
But at the same time, all it takes is once…. Just one attended install, just one omission to observe detail, and it’s over.

@SI285:
That’s the problem though. With Windows 2000 Server, Microsoft used that approach. The “Let’s worry about security last, when everything else is done and works” didn’t exactly suite MS Win 2k too well.
Windows 2003 Beta (if you had the opportunity to test it, that was one hell of a good program) did the exact opposite. Focus on security early, and it’ll pay off.

@Josh:
Not really. You can log in on a local non-domain-server computer as “Domain\Administrator” with no pass and then wreck some havoc…..

The OSNews story at http://www.osnews.com/comment.php?news_id=16152 has some good points too.

By: Anon Emous

Anon Emous — Fri, 13 Oct 2006 20:04:21 +0000

I install Windows Server 2003 regularly in testing and production, and it doesn’t require a password. If you choose to not set a password during setup, it changes the password policy for the local machine. I’m willing to bet that if you want complex passwords in Longhorn server, go to Start–>Run gpedit.msc go to Local Computer Policy–>Computer Configuration–>Windows Settings–>Security Settings–>Account Policies–>Password Policy and then you can setup any old password policy that you want. If you have it AD, then you already know how to set this setting.