Re: Mass Machine Login

[Brian Loe <knobdy () gmail com>]

On 1/23/06, Adam Kane <kane () linkitsoftware com> wrote:
>  Ryan Cummings wrote:
> > -----Original Message-----
> > From: Ryan Cummings [mailto:ryan.r.cummings () gmail com]
> > Sent: Tuesday, January 17, 2006 10:06 PM
> > To: security-basics () securityfocus com
> > Subject: Mass Machine Login
> I feel having the same login/password on all 75 computers is a bad
> security practice.

I think that in some environments - a call center for instance - an
auto-login actually improves security:
User base which is likely volatile have no knowledge of password.
All users have the same access (for apps and network).
Less user administration - fewer opportunities to screw up.
Default password can be very complex and changed often - daily even,
for the most severely volatile user base.

That's just off the cuff. I've implemented this solution for these
reasons and many others, but essentially you wind up with a very
controlled environment with limited apps running or available and very
limited network access. Where I implemented it, for instance, the
users only had access to their browser and only had access to the
network enough to hit our internal webservers (which ran the app they
needed to get to).

> Are you talking about logging into all the computers via SSH or FTP or
> something like that or are you talking about having the computers
> automatically log in when booted?

This is what I'm wondering more about - details are everything here.
As I recall, you are running XP machines, are they in AD? If so, you
should be able to very easily change the login for all of them  - for
good or just the next reboot. There are a ton of scripts available
from Microsoft to do just that.