Longhorn Server's "Improved" Security
An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"
Accounts with blank passwords CANNOT be used as a network credential EVER! No remote service. No terminal server. No shares. No printer. No nothing! Since XP SP1.
Maybe not the brightest thing in a beta install (will this be in production?). But you would have to have local physical access to the server terminal to exploit this security hole.
Don't forget that it includes PVP DRM, meaning Microsoft can compel your monitor not to show video unless it's sure that you've bought a commercial video disc.
Oh You POS
Lots of testers and researchers give VERY LOW SCORES when passwords aren't treated like they ought to be. What with machines that can do 100,000+ dictionary attacks per second, busting weak passwords is comparative child's play.
So it's a bit specious to lob this at Microsoft, when the operating system isn't even due to be at RC for as much as a year. If you use this in production environments, you're not very wise.
Not that I particularly like Microsoft, but fair is fair-- this is far from release code.
---- Teach Peace. It's Cheaper Than War.
I should also point out that by default the machine administrator account is disabled.
So no amount of password-cracking software will let you log in as admin.
Reading the fucking manual, newbie? If you are installing a server as a member of a domain, it will use the domain administrator account because the LOCAL administrator is anyway DISABLED, so there is no need to PROMPT you for a password that already exists. Gee, you don't even deserve to be on this site. Or maybe 98% of this site's users are like you?
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
"Longhorn Server" is still the code name for the successor to Windows Server 2003. "Longhorn" was also the code name for Windows Vista prior to them giving it a new name for marketing purposes.
-ShadowRanger
Nope.
By default, an account with a blank password cannot be used with "runas".
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.