Re: Windows Server 2003 - Not secure from my test but OSX from Mac is secure from the start

[Jimi Thompson <jimit () myrealbox com>]

My point was that with the new "diskless utilities" that I can now 
boot the machine off my password change utility OVER THE WIRE. 
Physical access is no longer a requirement.

Jimi

At 3:07 AM +0200 9/20/03, Ansgar -59cobalt- Wiechers wrote:
> On 2003-09-18 Jimi Thompson wrote:
> > >  There are so many tools out there that can reset the Administrator
> > >  account with console access to Windows that _no_ Windows machine is
> > >  safe if it is not physically secure.
> >
> >  A prime example of this can be observed by booting a Windows XP
> >  machine off a Windows 2000 CD.  Windows 2000 "assumes" that the SAM is
> >  corrupt and allows you to fire up the recovery console to pull off
> >  just about anything you want including stuff off the encrypted
> >  partitions.
>
> What else should it do, if it can't read the SAM? Deny access? That
> would render the recovery console useless in case of an actually
> corrupted SAM.
>
> >  Another example of this are the Linux boot floppy utilities that
> >  actually 1-  reset the Admin password to the one of your choice  2-
> >  allow you to select one or 3 - allow you to dissect and decrypt the
> >  SAM. This is why so many of the remote management "disk-less floppy"
> >  utilities make me nervous.  Now I can use "password recovery"
> >  utilities over the wire.
> >
> >  Just what I needed - SOMETHING ELSE to worry about......
>
> With someone having physical access to the machine there is absolutely
> *no* difference of any significance between Windows, Linux or OS X. You
> don't have a point.
>
> Regards
> Ansgar Wiechers
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------