Q. I want to use the full features of the Outlook client, to be able to send and receive emails etc when not on the LAN. Can I do this from the client side or will I have to get the service desk at work to set it up (please say I won't have to because it will take 6 years)
A. There are many solutions I can think of, and all of them will probably be against company policy and could get you in trouble. Use at your own risk!
Ok, so here goes:
1.) www.logmein.com has free remote control software, best solution I know of. Works great!
2.) Use Windows Remote Desktop (very easy to set up, but may not work via your company's network due to firewalls)
3.) Use a commercial product called gotomypc by citrix. Excellent product, works the exact same way as logmein.
4.) Use VNC, free open source remote access server-client program, harder to set up and a little slower too... not recommended.
That's basically it.
Hope this helps!
Ok, so here goes:
1.) www.logmein.com has free remote control software, best solution I know of. Works great!
2.) Use Windows Remote Desktop (very easy to set up, but may not work via your company's network due to firewalls)
3.) Use a commercial product called gotomypc by citrix. Excellent product, works the exact same way as logmein.
4.) Use VNC, free open source remote access server-client program, harder to set up and a little slower too... not recommended.
That's basically it.
Hope this helps!
Is there an advantage to disabling the SSID on your router?
Q. I understand to increase security on your network, some suggest to Disable the SSID so the router doesn't broadcast your network name for others to see. That's fine, but, my own desk top & iPod's don't see my network either, so, how am I suppose to find it to log on? Wouldn't having the network pass worded & having WPA2 be enough to prevent intrusion?
Thanks for any tips!
Thanks for any tips!
A. Disabling the SSID, making what's called a "hidden network", really doesn't stop those sniffing the wifi signals. It's all viewable to them using special software.
Not only that, when you use a device like a laptop that tries to reconnect to the hidden network when your away from it, say at a coffee shop of hackers, the laptop is just calling out the network name like "hey joe you there" letting those who know you got a hidden network somewhere.
The hidden network feature only helps if your in a high traffic area with a lot of regular computer users with their "always looking for a network" devices from overworking your router.
If not overworking your router is what you need, and you don't need remote log-in to it over the Internet, then you should also disable it and ping as well. This does increase security as well as creating a WPA2 AES (personal) password with 24 or more random letters, numbers and characters for the Admin access and another 24 plus random character password for the Guest Internet access only account.
The advantage of a Guest Access is that's what you use in all your devices, if a computer gets hacked via web site or a download, the attackers only have the routers Guest password, not the Admin password. Therefore they can't change the routers Domain Name Service and route all banking sites on all devices to dummy sites in Nigeria for instance.
If you want to restrict certain devices to your network, you can allow them with only certain MAC addresses unique to every device. However this won't stop a hacker as they can mask their own MAC address with one that is allowed on the network when they "sniff" the network traffic. So again the (so far) uncracked WPA2 with AES is your only protection. WEP and WPA are both cracked and software is freely available to compromise these network encryption standards.
To connect to a hidden network requires going into your Network Setting and creating a new entry with the SSID name, password and type. Saving it, then attempting to connect. The hidden network name isn't being broadcasted by the router so the automated software doesn't display it in a list of other network names.
Some newer operating systems provide a easy menu option to "Connect to Hidden Network" which gives a dialog asking for both the name (SSID) and the password (and it's type) of the network.
Not only that, when you use a device like a laptop that tries to reconnect to the hidden network when your away from it, say at a coffee shop of hackers, the laptop is just calling out the network name like "hey joe you there" letting those who know you got a hidden network somewhere.
The hidden network feature only helps if your in a high traffic area with a lot of regular computer users with their "always looking for a network" devices from overworking your router.
If not overworking your router is what you need, and you don't need remote log-in to it over the Internet, then you should also disable it and ping as well. This does increase security as well as creating a WPA2 AES (personal) password with 24 or more random letters, numbers and characters for the Admin access and another 24 plus random character password for the Guest Internet access only account.
The advantage of a Guest Access is that's what you use in all your devices, if a computer gets hacked via web site or a download, the attackers only have the routers Guest password, not the Admin password. Therefore they can't change the routers Domain Name Service and route all banking sites on all devices to dummy sites in Nigeria for instance.
If you want to restrict certain devices to your network, you can allow them with only certain MAC addresses unique to every device. However this won't stop a hacker as they can mask their own MAC address with one that is allowed on the network when they "sniff" the network traffic. So again the (so far) uncracked WPA2 with AES is your only protection. WEP and WPA are both cracked and software is freely available to compromise these network encryption standards.
To connect to a hidden network requires going into your Network Setting and creating a new entry with the SSID name, password and type. Saving it, then attempting to connect. The hidden network name isn't being broadcasted by the router so the automated software doesn't display it in a list of other network names.
Some newer operating systems provide a easy menu option to "Connect to Hidden Network" which gives a dialog asking for both the name (SSID) and the password (and it's type) of the network.
how do I configure a gpo to restrict users from stopping the terminal services service?
Q. I am looking in the group policy management console and I cannot find a way to keep users on the domain from setting the terminal services service to manual. The problem I am running into is we have some semi Microsoft savvy software engineers that think they are doing a good thing and blocking weaknesses, the problem is when they want us to remote into their pc to fix issues we have to wait until they are at their desks to start the terminal services service.
A. Simple: Open an existing GPO or create a new one. Edit it and under Computer/Windows Security/Services set the Remote Desktop service to automatic. Further restrict it by setting who can query the service by removing the Users rights to read it. The user will not be able to change their terminal service startup. One catch is if they are able to edit the registry, they can change the startup DWORD to 4 or 2 (disabled/manual respectively). You can prevent this by blocking users from being able to use registry editing programs (GPO). Then, if they're still able to get to edit the registry, block their rights to regedit.exe and regedt32.exe (GPO). That should hold them at bay.
If that's not good enough, edit the computer configuration Computer/Windows Security/User Rights Assignment (I believe) and set the "Users that can connect to this computer via Terminal Services" to trusted users only (or none).
Finally, don't allow anyone to have local administrative rights on the computers. If you do, you're not going to be able to stop them from blocking the GPO from being applied, as they can restrict this via the registry...
WG
If that's not good enough, edit the computer configuration Computer/Windows Security/User Rights Assignment (I believe) and set the "Users that can connect to this computer via Terminal Services" to trusted users only (or none).
Finally, don't allow anyone to have local administrative rights on the computers. If you do, you're not going to be able to stop them from blocking the GPO from being applied, as they can restrict this via the registry...
WG
Powered by Yahoo! Answers
No comments:
Post a Comment