Dan Uscatu <duscatu (at) lunatech (dot) ro [email concealed]> wrote:
> i am using my laptop outside the domain, logged in as local
> administrator. now i can access the c$ and d$ shares (and all others)
1. you have the same password as your local administrator and as domain
admin ; AND at the same time
2. DC (and other computers in domain) is accepting NTLM (without
Kerberos, ie. without "v2") authentication
If you run AD in native mode, in most cases you can stop using NTLM auth
and use NTLMv2 only. There is setting in GPO for that
> i am using my laptop outside the domain, logged in as local
> administrator. now i can access the c$ and d$ shares (and all others)
1. you have the same password as your local administrator and as domain
admin ; AND at the same time
2. DC (and other computers in domain) is accepting NTLM (without
Kerberos, ie. without "v2") authentication
If you run AD in native mode, in most cases you can stop using NTLM auth
and use NTLMv2 only. There is setting in GPO for that
regards
B.
[ reply ]