-
FingerPrint Security
Posted on June 1st, 2009 No comments
Toshiba Satellite A105: Client purchased from Estate. However, has a fingerprint security system. Any ideas on how to break in?
If there is a BIOS password lock, you won’t easily be able to reformat - but usually, if I can’t get the local machine to do what I need, I take out the hard drive and put it into a scratch PC I *can* use for booting from and change it there.
-
User security after drive fails
Posted on June 1st, 2009 No comments
I had the boot sector fail on my laptop hard drive. I replaced the drive and I can get into the old drive and cleaned off all of the files on the shred directory without any problem. I hooked up the drive through a USB port, but I had my personal directory secured via the login name and password. I can see the directory and the files within the directory (My Documents, My Videos, etc.), but I cannot open the directories to get any files out. Does anyone know how I could check to see if there is something in the My Docs folder I need?
You will need to take ownership of the directory and sub folders to access the files for copying etc.
Right click the folder and select properties and click the security tab.
Then select the Advanced button, then click the Owner tab.
Select the user you wish to be the new owner, then tick the box "Replace owner on subcontainers and objects".
Close the window, then you should be able to access it ok.
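The same ownership change from the command line, as an added example that is not part of the original answer. It assumes an elevated PowerShell prompt on Vista or later; the source path, destination path and old profile name are hypothetical placeholders.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Hypothetical values: old disk mounted as E:, old profile named "olduser".
$old  = 'E:\Documents and Settings\olduser\My Documents'
$dest = 'C:\Recovered\My Documents'
$me   = "$env:USERDOMAIN\$env:USERNAME"

# Take ownership recursively; same effect as ticking
# "Replace owner on subcontainers and objects" on the Owner tab.
takeown.exe /F $old /R /D Y | Out-Null

# Grant this account read access explicitly, inherited by subfolders (CI)
# and files (OI), so the copy does not depend on the old ACL entries.
icacls.exe $old /grant "${me}:(OI)(CI)RX" /T /C /Q

# EFS-encrypted files stay unreadable even for the new owner, because the
# key belongs to the old user account. List them up front.
$efs = Get-ChildItem -LiteralPath $old -Recurse -Force -ErrorAction SilentlyContinue |
       Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }
if ($efs) {
    Write-Warning "$(@($efs).Count) EFS-encrypted item(s) need the old user's certificate:"
    $efs | ForEach-Object { $_.FullName }
}

# Copy the rest off the old disk. /XA:E skips encrypted files, /XJ skips
# junction points, /R:0 /W:0 stops retry loops on unreadable sectors.
robocopy.exe $old $dest /E /XA:E /XJ /R:0 /W:0 /NP
```

Copying to the new drive first and working on the copy leaves the failing disk untouched beyond the ownership change.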
-
How do I globally turn off Data Execution Protection in Vista?
Posted on June 1st, 2009 No comments
DEP is killing me on a special piece of forensic software I need to run. The individual exception is not working. How do I globally kill DEP?
Thank you,
Mike
To disable:
bcdedit.exe /set {current} nx AlwaysOff
To enable:
bcdedit.exe /set {current} nx OptIn
To verify current setting:
wmic OS Get DataExecutionPrevention_SupportPolicy
0 = AlwaysOff: DEP is disabled for all processes.
1 = AlwaysOn: DEP is enabled for all processes.
2 = OptIn: DEP is enabled only for Windows system components and services. Default setting.
3 = OptOut: DEP is enabled for all processes. Administrators can manually create a list of specific applications which do not have DEP applied.
-
Preventing Static IP’s
Posted on June 1st, 2009 No comments
I need to find a way to prevent laptops that are using our wireless network from assigning themselves a static IP.
Let me give you a little background on our network:
- We are a high school
- We are using multiple 3Com 4500G Switches
- Our wireless network is a 3Com Managed WX2200 w/ around 45 AP’s
- School owned computers have Static IP’s
- Student laptops have reserved DHCP
- We have a NAC that sits in front of our DHCP server to enforce policies before a laptop or outside computer can gain access to the network.
- We are using a 10.x.x.x Class A IP scheme. No VLANs or routers.
What we are finding is that students are becoming wise enough to figure out how to get around the NAC enforced policies by putting a static IP on their computer prior to making a wireless connection. Because the NAC sits in line with the DHCP server, if the NIC never requests a DHCP, it never gets challenged by the NAC.
I need to know if there is a way to keep users from being able to put a static IP on their computer and gain access to the network. Is there a way that I could use the switches, by where I provide it a list of MAC addresses that should be requesting DHCP and if they don’t, block them???
Any and all solutions are welcomed
Thanks in advance!

You cannot accomplish what you want without enabling 802.1x on the switch…
Please read: http://www.microsoft.com/downloads/details.aspx?FamilyID=05951071-6b20-4cef-9939-47c397ffd3dd&displaylang=en
page 12:
Deploy your authenticating switches to provide network access for your wired network. Configure your authenticating switches to support 802.1X authentication and RADIUS. Configure the RADIUS settings on your authenticating switches with the following:
1. The IP address or name of a primary RADIUS server, the shared secret, UDP ports for authentication and accounting, and failure detection settings.
2. The IP address or name of a secondary RADIUS server, the shared secret, UDP ports for authentication and accounting, and failure detection settings.
-rich -
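The check the question asks about (which MAC addresses should have gone through DHCP and did not) can be run as a detection, shown here as an added PowerShell example that is not from the original thread. Every MAC, IP and list below is constructed sample data, and the function name is hypothetical; in practice the inputs would come from the DHCP server's lease export and the gateway's ARP table.

```powershell
# Added example; all MAC/IP values below are constructed sample data.
$staticAllowed = @{ '00-1A-2B-00-00-01' = '10.0.1.10' }   # school-owned, static IP
$reserved = @{                                            # student laptops, reserved DHCP
    '00-1A-2B-00-00-A1' = '10.0.20.11'
    '00-1A-2B-00-00-A2' = '10.0.20.12'
    '00-1A-2B-00-00-A3' = '10.0.20.13'
}
$activeLease = @('00-1A-2B-00-00-A1')   # MACs that really requested DHCP (so met the NAC)
$observed = @(                          # IP/MAC pairs currently seen in the ARP table
    [pscustomobject]@{ MAC = '00-1A-2B-00-00-01'; IP = '10.0.1.10'  }
    [pscustomobject]@{ MAC = '00-1A-2B-00-00-A1'; IP = '10.0.20.11' }
    [pscustomobject]@{ MAC = '00-1A-2B-00-00-A2'; IP = '10.0.20.99' }
    [pscustomobject]@{ MAC = '00-1A-2B-00-00-A3'; IP = '10.0.20.13' }
    [pscustomobject]@{ MAC = '00-1A-2B-00-00-B7'; IP = '10.0.20.50' }
)

function Get-NacBypassSuspect {
    param($Observed, $StaticAllowed, $Reserved, $ActiveLease)
    foreach ($o in $Observed) {
        $reason = $null
        if ($StaticAllowed.ContainsKey($o.MAC)) {
            # School-owned machines may be static, but only on their assigned IP.
            if ($StaticAllowed[$o.MAC] -ne $o.IP) { $reason = 'school-owned MAC on unexpected IP' }
        } elseif (-not $Reserved.ContainsKey($o.MAC)) {
            $reason = 'unknown MAC, no reservation'
        } elseif ($Reserved[$o.MAC] -ne $o.IP) {
            $reason = 'reserved laptop on a self-assigned IP'
        } elseif ($ActiveLease -notcontains $o.MAC) {
            # Right IP, but it never asked DHCP, so the NAC never challenged it.
            $reason = 'reserved IP in use without an active lease'
        }
        if ($reason) { [pscustomobject]@{ MAC = $o.MAC; IP = $o.IP; Reason = $reason } }
    }
}

# Flags the A2, A3 and B7 entries; the first two observations pass.
Get-NacBypassSuspect $observed $staticAllowed $reserved $activeLease | Format-Table -AutoSize
```

This only reports hosts that skipped DHCP; blocking them at the port still needs 802.1X on the switches, as the answer says.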
Have I been Hacked?
Posted on June 1st, 2009 No comments
I think my SBS server has just been hacked…
Yesterday I set up Outlook Web Access and enabled Remote Administration. I also bought and installed a new Router. Now being fairly security conscious I decided that user A could only connect to Computer A, user B to Computer B and User C could not connect to anything. So, basically I had disabled Outlook Web Access for some users within one group policy. Checking this I learnt that during and after a remote login, the original user of the machine will be confronted with a Windows msg box saying Computer Locked, CTRL ALT DELETE to Login etc.
I asked one of the ‘enabled’ users to check their mail last night by remotely logging in. Everyone else had checked theirs with no issue except him. This morning he reported that he could not access because he could not get beyond the login screen. Either the username or password was wrong.
Username was fine and I double checked he wasn’t typing in false data i.e. bad password. Nothing.
Today the accounts department had just finished their work using the server for the day. The familiar Windows Update shield was in the far right corner. No obvious problems except historically the server has around 500meg of space which is far too little I accept.
I suddenly noticed my Outlook losing then lost connection with the server. Checking others in the office it all started to go very wrong indeed. Could not use Remote Access, could not bring up another Radmin service (PCAnywhere) to try and log in to it. Plugging in a VGA screen to the server revealed that while everyone could still use the Internet - my SBS box is the DNS (I think) - it was completely unresponsive and would not even recognise a usb keyboard plugged in.
It then went black screen and rebooted. I used the server username & password to access the desktop.
15 mins later when all was calm again I checked the server using the Radmin tools with the view of checking the Event log to try and work out the problem. On connecting it had told me the computer was locked. It can’t be unless someone Remotely accessed it, surely!!
The event viewer only gives me a slight indication of an error. One service had been attempting to ‘connect’/download or other for 88000 seconds. Other than that a few emails stored for a little too long and a pop3 mailbox playing up. Nothing else.
I want to know what you think about this and how you would have reacted given the situation.
The large amount of points available suggests that changes might have to be made to the way the IT integrates with the rest of the business as it continues to have more of an effect. I want to know Bandwidth, I want to know about Routers, I want to know about the possibility I’ve been victim to a Brute Force attack or that one of the ‘higher up’ users has mistakenly entered the Server username and password in to a false website, not our subdomain.

I suggest you look at the GPO changes you made to “disable OWA” for certain users. Make sure those policy changes will not impact the server and its services too.
How could your users have the admin account name and password?!?!? No one should know that username/password combination except the one that manages the server and the owner of the business.
Are any of the “users” given domain admin rights?
Philip