NT Domain Login via Cisco IPSec Client
pete at ether.net
Mon Jun 4 08:46:24 EDT 2001
The Cisco VPN Client v3.x supports "Start Before Login".
Start Before Login allows you to connect up with the VPN client prior to
logging in to your machine (NT/W2K/XP) so that you don't have to use cached
credentials and login scripts will run.
On Sun, Jun 03, 2001 at 09:42:07PM -0500, Tina Bird wrote:
> Configure your NT box to ask for a domain login when it
> boots up. Go ahead and enter username, domain and password.
> You'll get an error message, but unless you have specifically
> configured the registry to >NOT< cache the last set of security
> identifiers (which NT does by default), it gets stored.
> Then bring up your VPN. When you try to connect to domain
> network resources, the domain controller verifies access
> privileges based on that cached information.
> Blick. At one point I had written down which registry key to
> edit to prevent this behavior -- cos' it basically means that
> someone can access domain resources without running your login
> scripts -- but I don't seem to have that post-it note any more.
> Anyone out there remember what it is?
> cheers -- tbird
> On Wed, 25 Apr 2001 Patrick.Bryan at ABBOTT.COM wrote:
> > Date: Wed, 25 Apr 2001 12:07:19 -0500
> > From: Patrick.Bryan at ABBOTT.COM
> > To: VPN at SECURITYFOCUS.COM
> > Subject: NT Domain Login via Cisco IPSec Client
> > Anyone have any information on how to authenticate to a NT Domain upon bootup
> > using the Cisco IPSec client? This would be for a Cable / DSL connection..
> > Thanks.....
> > VPN is sponsored by SecurityFocus.COM
> VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
> life: http://kubarb.phsx.ukans.edu/~tbird
> work: http://www.counterpane.com
> VPN is sponsored by SecurityFocus.com
Pete Davis - Product Manager <psd at cisco.com> (508) 541-7300 x6154
Cisco Systems, Inc. - 38 Forge Park Franklin, MA 02038
VPN is sponsored by SecurityFocus.com
More information about the VPN