Subject: Re: {Fraud?} {Disarmed} RE: [ActiveDir] RODC and computer accounts that are allowed to have their creds replicated.

Author: sbradcpa

01/09/2009 2:52 AM  
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
"NTLMv1 is vulnerable to sniff-an-crack attacks

NTLMv2 is not vulnerable"



<a class="moz-txt-link-freetext" href="http://support.microsoft.com/kb/823659">http://support.microsoft.com/kb/823659</a>



LAN Manager (LM) authentication is the protocol that is used to
authenticate Windows clients for network operations, including domain
joins, accessing network resources, and user or computer
authentication. The LM authentication level determines which
challenge/response authentication protocol is negotiated between the
client and the server computers. Specifically, the LM authentication
level determines which authentication protocols that the client will
try to negotiate or that the server will accept. The value that is set
for LmCompatibilityLevel determines which challenge/response
authentication protocol is used for network logons. This value affects
the level of authentication protocol that clients use, the level of
session security negotiated, and the level of authentication accepted
by servers, according to the following table.



Get rid of those pesky older OSs would be a good start.  :-)



It looks like 2k8 is default Network Security:  Lan Manager
authentication level:  Send NTLM v2 response only



Gabriele Scolaro wrote:
<blockquote cite="mid:009b01c96fa7$6fe17d40$4fa477c0$@net" type="cite">
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Brrrr I recall Marcus Murray session was one of those who
really
shocked me!<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">TechNet Webcast: Why I Can Hack Your
Network in a Day! [A live demonstration of techniques and tools used by
hackers
to compromise your network] (Level 300) (ID:1032340737)<o:p></o:p></span></i></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><a moz-do-not-send="true"
href="http://www.microsoft.com/events/series/detail/webcastdetails.aspx?seriesid=96&webcastid=2783">http://www.microsoft.com/events/series/detail/webcastdetails.aspx?seriesid=96&webcastid=2783</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><a moz-do-not-send="true"
href="http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032340737&EventCategory=3&culture=en-US&CountryCode=US">http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032340737&EventCategory=3&culture=en-US&CountryCode=US</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Before that, I was _ingenuously_ recommending my DAs
colleagues to
use runas to manage AD from their workstation…. :-(<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><span style="">-<span
style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">         
</span></span></span><!--[endif]--><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">is there any countermeasure
to address or at least mitigate that security issue?<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><span style="">-<span
style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">         
</span></span></span><!--[endif]--><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">what’s the recommended way
to manage AD? (e.g. a dedicated hardened VM to connect to via secure
RDP)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Thanks – (yet afraid and worried) Gabriele.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<div
style="border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color blue; border-width: medium medium medium 1.5pt; padding: 0cm 0cm 0cm 4pt;">
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir-owner@mail.activedir.org">ActiveDir-owner@mail.activedir.org</a>
[<a class="moz-txt-link-freetext" href="mailto:ActiveDir-owner@mail.activedir.org">mailto:ActiveDir-owner@mail.activedir.org</a>] <b>On Behalf Of </b>Crawford,
Scott

<b>Sent:</b> Monday, 5 January 2009 22:02

<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir@mail.activedir.org">ActiveDir@mail.activedir.org</a>

<b>Subject:</b> RE: [ActiveDir] RODC and computer accounts that are
allowed to
have their creds replicated.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">I think Jorge’s point is that cracking is unnecessary.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style=""><b><span style="font-size: 18pt;"
lang="EN">Hash injection Attacks in a Windows Network<o:p></o:p></span></b></p>
<p class="MsoNormal"><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">aka </span></i><span
lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><b><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">Why
an exposed LM/NTLM Hash is comparable to a clear-text
password </span></i></b><span lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">aka</span></i><span
lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><b><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">Why
a 127 character long password is not necessarily
stronger than a 4 character long password</span></i></b><span lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">aka
</span></i><span lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><b><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">Why
generating LM/NTLM rainbow tables is a complete waste
of time</span></i></b><span lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">aka</span></i><span
lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><b><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">Passing-the-hash
for direct authentication to remote
systems</span></i></b><span lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">aka</span></i><span
lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><b><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">Why
one vulnerable system can compromise the entire
Active directory forest</span></i></b><span lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">aka</span></i><span
lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><b><i><span
style="font-size: 10pt; font-family: "Arial","sans-serif";" lang="EN">One
of the scariest Windows authentication hacks you ever
saw.......</span></i></b><span lang="EN"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><a moz-do-not-send="true"
href="http://truesecurity.se/blogs/murray/archive/2007/03/16/why-an-exposed-lm-ntlm-hash-is-comparable-to-a-clear-text-password.aspx">http://truesecurity.se/blogs/murray/archive/2007/03/16/why-an-exposed-lm-ntlm-hash-is-comparable-to-a-clear-text-password.aspx</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir-owner@mail.activedir.org">ActiveDir-owner@mail.activedir.org</a>
[<a class="moz-txt-link-freetext" href="mailto:ActiveDir-owner@mail.activedir.org">mailto:ActiveDir-owner@mail.activedir.org</a>] <b>On Behalf Of </b>Michael
B.
Smith

<b>Sent:</b> Monday, January 05, 2009 2:38 PM

<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir@mail.activedir.org">ActiveDir@mail.activedir.org</a>

<b>Subject:</b> RE: [ActiveDir] RODC and computer accounts that are
allowed to
have their creds replicated.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">It’s certainly possible to crack the hash with rainbow
tables. My 64 GB tables get more than 99% of passwords.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">My blog: <a class="moz-txt-link-freetext" href="http://TheEssentialExchange.com/blogs/michael">http://TheEssentialExchange.com/blogs/michael</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">I'll be at TEC'2009!
<a class="moz-txt-link-freetext" href="http://www.tec2009.com/vegas/index.php">http://www.tec2009.com/vegas/index.php</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir-owner@mail.activedir.org">ActiveDir-owner@mail.activedir.org</a>
[<a class="moz-txt-link-freetext" href="mailto:ActiveDir-owner@mail.activedir.org">mailto:ActiveDir-owner@mail.activedir.org</a>] <b>On Behalf Of </b>Jorge
de
Almeida Pinto

<b>Sent:</b> Monday, January 05, 2009 3:00 PM

<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir@mail.activedir.org">ActiveDir@mail.activedir.org</a>

<b>Subject:</b> RE: [ActiveDir] RODC and computer accounts that are
allowed to
have their creds replicated.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Did you know it is possible to misuse an AD account when
having:
the logon name and the password hash? (I do not care about the actual
password)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Kind regards,<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="NL"><o:p> </o:p></span></b></p>
<p class="MsoNormal" style=""><b><span
style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="PT">Ing.
Jorge de Almeida Pinto<o:p></o:p></span></b></p>
<p class="MsoNormal" style=""><i><span
style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="PT">Senior
Technical Consultant<o:p></o:p></span></i></p>
<p class="MsoNormal" style=""><i><span
style="font-size: 10pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="PT">MVP
Identity & Access - Directory Services<o:p></o:p></span></i></p>
<p class="MsoNormal"><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB">Oxford Computer Group Benelux<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: Wingdings; color: rgb(31, 73, 125);"
lang="EN-US">(</span><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB">: +31 (0)6 26.26.62.80 | </span><span
style="font-size: 10pt; font-family: Wingdings; color: rgb(31, 73, 125);"
lang="EN-US">(</span><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB">: +31 (0)70 36.21.045 | </span><span
style="font-family: "Wingdings 2"; color: rgb(31, 73, 125);"
lang="EN-US">7</span><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB">: +31
(0)70 36.21.677

</span><b><span
style="font-size: 10pt; font-family: Wingdings; color: rgb(31, 73, 125);"
lang="EN-US">-</span></b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB">: Sweelinckplein 9 - 11 (unit 11), 2517
GK, Den Haag, The Netherlands (<a moz-do-not-send="true"
href="http://maps.google.com/maps?f=q&hl=EN&geocode=&q=sweelinckplein+9+-+11+%28unit+11%29,+2517+GK,+Den+Haag,+The+Netherlands&sll=37.0625,-95.677068&sspn=50.291089,113.90625&ie=UTF8&z=16&g=sweelinckplein+9+-+11+%28unit+11%29,+2517+GK,+Den+Haag,+The+Netherlands">Google
Maps</a>;) (<a moz-do-not-send="true"
href="http://maps.live.com/default.aspx?v=2&FORM=LMLTCC&cp=52.084005%7E4.285932&style=r&lvl=14&tilt=-90&dir=0&alt=-1000&phx=0&phy=0&phscl=1&where1=Sweelinckplein%209%20-%2011%20%28unit%2011%29%2C%202517%20GK%2C%20Den%20Haag%2C%20The%20Netherlands&encType=1">Live
Maps</a>;)

</span><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="NL"></span><a moz-do-not-send="true"
href="http://www.oxfordcomputergroup.com/"><span lang="EN-GB">www.oxfordcomputergroup.com</span></a><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB"> |
Expertise in Identity & Access Management<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB">Registered nr Chamber of Commerce/KvK 32129259, VAT/BTW
NL8188.31.972.BO1<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal" style=""><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB">________________________________________________________________<o:p></o:p></span></b></p>
<p class="MsoNormal" style=""><b><i><u><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB">MVP
Profile</span></u></i></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB"> </span></b><b><span
style="font-size: 9pt; color: rgb(23, 54, 93);"
lang="PT-BR">→</span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="PT-BR"> </span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB"><a moz-do-not-send="true"
href="https://mvp.support.microsoft.com/profile/jorge1">https://mvp.support.microsoft.com/profile/jorge1</a><o:p></o:p></span></b></p>
<p class="MsoNormal" style=""><b><i><u><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB">MVP
Home Site</span></u></i></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB"> </span></b><b><span
style="font-size: 9pt; color: rgb(23, 54, 93);"
lang="PT-BR">→</span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="PT-BR"> </span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB"><a moz-do-not-send="true"
href="https://mvp.support.microsoft.com/">https://mvp.support.microsoft.com/</a><o:p></o:p></span></b></p>
<p class="MsoNormal" style=""><b><i><u><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB">MVP
Overview</span></u></i></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB"> </span></b><b><span
style="font-size: 9pt; color: rgb(23, 54, 93);"
lang="PT-BR">→</span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="PT-BR"> </span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB"><a moz-do-not-send="true"
href="https://mvp.support.microsoft.com/mvpexecsum">https://mvp.support.microsoft.com/mvpexecsum</a><o:p></o:p></span></b></p>
<p class="MsoNormal" style=""><b><i><u><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-US">BLOG</span></u></i></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-US"> </span></b><b><span
style="font-size: 9pt; color: rgb(23, 54, 93);"
lang="PT-BR">→</span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="PT-BR"> </span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-US"><a moz-do-not-send="true"
href="http://blogs.dirteam.com/blogs/jorge/default.aspx">http://blogs.dirteam.com/blogs/jorge/default.aspx</a></span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB"><o:p></o:p></span></b></p>
<p class="MsoNormal" style=""><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-GB">________________________________________________________________</span></b><b><span
style="font-size: 9pt; font-family: "Verdana","sans-serif"; color: rgb(23, 54, 93);"
lang="EN-US"><o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir-owner@mail.activedir.org">ActiveDir-owner@mail.activedir.org</a>
[<a class="moz-txt-link-freetext" href="mailto:ActiveDir-owner@mail.activedir.org">mailto:ActiveDir-owner@mail.activedir.org</a>] <b>On Behalf Of </b>Tony
Gordon

<b>Sent:</b> Monday, January 05, 2009 20:45

<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir@mail.activedir.org">ActiveDir@mail.activedir.org</a>

<b>Subject:</b> RE: [ActiveDir] RODC and computer accounts that are
allowed to
have their creds replicated.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span lang="EN-US">

</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">Appreciate
everyone's answers.</span><span lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif"; color: blue;"
lang="EN-US">member: CN=Domain Controllers,CN=Users,DC=trouble,DC=loc</span><span
lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">:).
 OK, so the Domain Controller's password will not be replicated to the
RODC.  Should have looked before asking.</span><span lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: rgb(0, 64, 128);"
lang="EN-US">The specific risk is that the password of all computer
accounts
is still distributed on all RODCs. I would still use the specific allow
group
for a particular RODC and automate the group membership in some way
using
scripts or your IdAM solution (e.g. ILM) if you already have such.</span><span
lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">IdAM
is only managing user accounts not computer accounts.  So I guess the
question should have been formulated as:  </span><span lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">How
much of a risk at this time is if the passwords of the member computers
are
replicated to the RODCs?  </span><span lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">Computer
passwords should be fairly strong and NTLM hash storage is disabled by
the policy
(IIRC they are longer than 14 char and not stored anyway).</span><span
lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">So
how much of a risk it really is?</span><span lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">

</span><span
style="font-size: 10pt; font-family: "AR Sans Serif","serif";"
lang="EN-US">

Thank you, Tony. </span><span lang="EN-US">



</span><b><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">

Tony Gordon </span></b><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";"
lang="EN-US">

Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP

ITS Infrastructure Engineering

Hewitt Associates  |  100 Half Day Road  |  Lincolnshire,
 IL  60069  |  USA

Tel  847.295.5000 x50526  |  Fax  847.554.1574  

tony dot gordon at hewitt dot com  |  </span><span lang="EN-US"></span><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";"><a
moz-do-not-send="true" href="www.hewitt.com">www.hewitt.com</a>
<o:p></o:p></span></p>
<table class="MsoNormalTable" style="width: 100%;" border="0"
cellpadding="0" width="100%">
<tbody>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: rgb(95, 95, 95);">From:</span>
<o:p></o:p></p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";">joe
<a class="moz-txt-link-rfc2396E" href="mailto:listmail@joeware.net">&lt;listmail@joeware.net&gt;</a></span> <o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: rgb(95, 95, 95);">To:</span>
<o:p></o:p></p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";"><a class="moz-txt-link-abbreviated" href="mailto:ActiveDir@mail.activedir.org">ActiveDir@mail.activedir.org</a></span>
<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: rgb(95, 95, 95);">Date:</span>
<o:p></o:p></p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";">01/02/2009
03:11 PM</span> <o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: rgb(95, 95, 95);">Subject:</span>
<o:p></o:p></p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";">RE:
[ActiveDir] RODC and computer accounts that are allowed to have their
creds replicated.</span> <o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: rgb(95, 95, 95);">Sent
by:</span> <o:p></o:p></p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";"><a class="moz-txt-link-abbreviated" href="mailto:ActiveDir-owner@mail.activedir.org">ActiveDir-owner@mail.activedir.org</a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div class="MsoNormal" style="text-align: center;" align="center"><span
lang="EN-US">
<hr style="color: rgb(160, 160, 160);" align="center" noshade="noshade"
size="2" width="100%"></span></div>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span lang="EN-US">





</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif"; color: blue;"
lang="EN-US">Here is the roundabout answer to your second question. :)</span><span
lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif"; color: blue;"
lang="EN-US">dn:CN=Denied RODC Password Replication
Group,CN=Users,DC=trouble,DC=loc

>member: CN=Read-only Domain Controllers,CN=Users,DC=trouble,DC=loc

>member: CN=Group Policy Creator Owners,CN=Users,DC=trouble,DC=loc

>member: CN=Domain Admins,CN=Users,DC=trouble,DC=loc

>member: CN=Cert Publishers,CN=Users,DC=trouble,DC=loc

>member: CN=Enterprise Admins,CN=Users,DC=trouble,DC=loc

>member: CN=Schema Admins,CN=Users,DC=trouble,DC=loc

>member: CN=Domain Controllers,CN=Users,DC=trouble,DC=loc

>member: CN=krbtgt,CN=Users,DC=trouble,DC=loc</span><span
lang="EN-US">





</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif"; color: blue;"
lang="EN-US">--</span><span lang="EN-US">

</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif"; color: blue;"
lang="EN-US">O'Reilly Active Directory Fourth Edition - </span><span
lang="EN-US"></span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><a
moz-do-not-send="true" href="http://www.joeware.net/win/ad4e.htm">http://www.joeware.net/win/ad4e.htm</a></span><span
style="font-size: 10pt; font-family: "Arial","sans-serif"; color: blue;"
lang="EN-US">
</span><span lang="EN-US">



  <o:p></o:p></span></p>
<div class="MsoNormal" style="text-align: center;" align="center"><span
lang="EN-US">
<hr align="center" size="2" width="100%"></span></div>
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir-owner@mail.activedir.org">ActiveDir-owner@mail.activedir.org</a> [</span><span
lang="EN-US"></span><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"><a
moz-do-not-send="true" href="mailto:ActiveDir-owner@mail.activedir.org">mailto:ActiveDir-owner@mail.activedir.org</a></span><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">] <b>On
Behalf Of </b>Tony Gordon<b>

Sent:</b> Friday, January 02, 2009 3:36 PM<b>

To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ActiveDir@mail.activedir.org">ActiveDir@mail.activedir.org</a><b>

Subject:</b> [ActiveDir] RODC and computer accounts that are allowed to
have
their creds replicated.</span><span lang="EN-US">



</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">

We are planning to deploy RODCs to the regional offices.  We have a
relatively painless way to automatically populate the groups that allow
"caching"  the creds with the user accounts for each RODC.
 Computer accounts present more of a challenge.  One of the thoughts
is to just put domain computers group into the "Allowed RODC Password
Replication" Group.</span><span lang="EN-US">

</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">

What are the specific risks we would be incurring in that scenario?</span><span
lang="EN-US">

</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">

Is there a scenario where another DC (RO or RW) would auth to a
particular RODC
and in doing so cause to have its password replicated to an RODC?</span><span
lang="EN-US">

</span><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">

How did other people that deployed RODCs deal with this issue?</span><span
style="font-size: 10pt; font-family: "AR Sans Serif","serif";"
lang="EN-US">



Thank you, Tony. </span><span lang="EN-US">



</span><b><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"
lang="EN-US">

Tony Gordon </span></b><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";"
lang="EN-US">

Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP

ITS Infrastructure Engineering

Hewitt Associates  |  100 Half Day Road  |  Lincolnshire,
 IL  60069  |  USA

Tel  847.295.5000 x50526  |  Fax  847.554.1574  

tony dot gordon at hewitt dot com  |  </span><span lang="EN-US"></span><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";"><a
moz-do-not-send="true" href="www.hewitt.com">www.hewitt.com</a>
<o:p></o:p></span></p>
<div class="MsoNormal" style="text-align: center;" align="center"><span
lang="EN-US">
<hr align="center" size="2" width="100%"></span></div>
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";"
lang="EN-US">

The information contained in this e-mail and any accompanying documents
may
contain information that is confidential or otherwise protected from
disclosure. If you are not the intended recipient of this message, or
if this
message has been addressed to you in error, please immediately alert
the sender
by reply e-mail and then delete this message, including any
attachments. Any
dissemination, distribution or other use of the contents of this
message by
anyone other than the intended recipient is strictly prohibited. All
messages
sent to and from this e-mail address may be monitored as permitted by
applicable law and regulations to ensure compliance with our internal
policies
and to protect our business. E-mails are not secure and cannot be
guaranteed to
be error free as they can be intercepted, amended, lost or destroyed,
or
contain viruses. You are deemed to have accepted these risks if you
communicate
with us by e-mail. </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p><span lang="EN-US">__________ Information from ESET Smart
Security, version of
virus signature database 3739 (20090105) __________<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p><span lang="EN-US">The message was checked by ESET Smart Security.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p><span lang="EN-US"><a class="moz-txt-link-freetext" href="http://www.eset.com">http://www.eset.com</a><o:p></o:p></span></p>
</div>
</div>
</blockquote>
</body>
</html>
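Added example (not code from the thread or from Microsoft): a small Python model of how an RODC's password replication policy would treat the proposal discussed above, built from the Denied group membership joe posted. It assumes the RODC's allowed and denied lists hold only the two default groups, that deny takes precedence over allow, and that an account on neither list is not cached; WKS01, DC01 and adm-alice are constructed accounts.

```python
# Dump: adfind-style output quoted in the thread. All other DNs are constructed.
DENIED_DUMP = """\
dn:CN=Denied RODC Password Replication Group,CN=Users,DC=trouble,DC=loc
>member: CN=Read-only Domain Controllers,CN=Users,DC=trouble,DC=loc
>member: CN=Group Policy Creator Owners,CN=Users,DC=trouble,DC=loc
>member: CN=Domain Admins,CN=Users,DC=trouble,DC=loc
>member: CN=Cert Publishers,CN=Users,DC=trouble,DC=loc
>member: CN=Enterprise Admins,CN=Users,DC=trouble,DC=loc
>member: CN=Schema Admins,CN=Users,DC=trouble,DC=loc
>member: CN=Domain Controllers,CN=Users,DC=trouble,DC=loc
>member: CN=krbtgt,CN=Users,DC=trouble,DC=loc
"""
BASE = "cn=users,dc=trouble,dc=loc"

def parse_members(dump):
    """Return (group_dn, [member_dn, ...]) with DNs lower-cased for comparison."""
    group, members = None, []
    for line in (l.strip() for l in dump.splitlines()):
        if line.lower().startswith("dn:"):
            group = line[3:].strip().lower()
        elif line.startswith(">member:"):
            members.append(line[len(">member:"):].strip().lower())
    return group, members

def transitive_groups(dn, member_of):
    """Every group dn belongs to, following nested membership."""
    seen, stack = set(), [dn]
    while stack:
        new = set(member_of.get(stack.pop(), ())) - seen
        seen |= new
        stack.extend(new)
    return seen

def prp_decision(dn, allowed, denied, member_of):
    """Deny wins over allow; an account on neither list is not cached."""
    scope = transitive_groups(dn, member_of) | {dn}
    if scope & denied:
        return "denied"
    return "allowed" if scope & allowed else "not-listed"

def build_scenario():  # the thread's proposal: Domain Computers nested in the Allowed group
    denied_grp, members = parse_members(DENIED_DUMP)
    allowed_grp = "cn=allowed rodc password replication group," + BASE
    member_of = {m: [denied_grp] for m in members}
    member_of["cn=domain computers," + BASE] = [allowed_grp]
    member_of["cn=wks01,cn=computers,dc=trouble,dc=loc"] = ["cn=domain computers," + BASE]
    member_of["cn=dc01,ou=domain controllers,dc=trouble,dc=loc"] = ["cn=domain controllers," + BASE]
    member_of["cn=adm-alice," + BASE] = ["cn=domain admins," + BASE, allowed_grp]
    return {allowed_grp}, {denied_grp}, member_of
```

In this model the DC and the admin account come out denied through nested membership in the Denied group, even though the admin is also placed directly in the Allowed group.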

Copyright 2009 ActiveDir.org