Security Basics mailing list archives
Re: workgroup
From: "Vic Parat" <vic.parat () nssecurity com>
Date: Tue, 11 Feb 2003 09:55:45 -0800
Kenzo, This reason you're seeing windows workgroup "pop up" is that they broadcast their names every so often and that broadcast is cached. Going to ad will not stop the broadcast and they will still show up. Workgroups are base on a peer to peer model where accounts are held locally to each machine, you really couldn't get in unless you had an account on each machine belonging to the workgroup. Regardless of the local policy, they will still need to broadcast their nbt name table which you can capture via your local nbt cache: c:\nbtstat -c. At which point you can look them up via: c:\nbtstat -A xxx.xxx.xxx.xxx (their ip address). Look for any nbt types <03> (messenger service), it will should list their computer name and the currently logged on account. This all assuming they have not disabled NetBIOS on their network interface, in which all of this is mute including the name broadcast. You can also look at your current leases on your dhcp server. Side note: you're given your end users a lot of credit regarding their technical knowledge. My experience shows that users don't know a thing about workgroups, local policies, or protocol filtering. They just plug in and expect to be able to do their job. Vic Parat ----- Original Message ----- From: "Kenzo" <kenzo_chin () hotmail com> To: <security-basics () securityfocus com> Sent: Tuesday, February 11, 2003 8:31 AM Subject: workgroup
I was wondering if there's a way to see who's in a windows workgroup. Yes, my work still use windows workgroup. I 've been trying to change
that
to AD so that the guys to have to run around just to install updates. Getting there slowly. Anyways, I've notice that sometimes a workgroup will just pop up. Most of the time when someone brings in a laptop from home and plugs it in, it
will
do that. But now, In windows 2000, you have an option that you can set so that no one can get in your computer( I believe in the local security policy), so anyone trying to go into the workgroup won't be able to. Usually if someone bring in their laptop, they let us know ahead of time
to
make sure that it's ok, but what if someone did come in and set their computer to block all access to it, how can I see who it is. Like the computer name or IP address. Thanks.
Current thread:
- workgroup Kenzo (Feb 11)
- Re: workgroup Vic Parat (Feb 12)
- Re: workgroup Kenzo (Feb 12)
- Re: workgroup Vic Parat (Feb 13)
- RE: workgroup David Gillett (Feb 14)
- Re: workgroup Kenzo (Feb 12)
- Re: workgroup Vic Parat (Feb 12)
- RE: workgroup Jack Furman (Feb 12)