querying an NT domain for a list of logged-in users

Stephen Langasek vorlon at netexpress.net
Tue Aug 17 14:46:21 GMT 1999


On Tue, 17 Aug 1999, Robert Dahlem wrote:

> Are you really sure you want to trust what the potential badass' machine says
> who it is? This looks to me like some kind of M$ security feature ...

Yes, I'm sure we want to do this. :)  Given the implications, I wouldn't be
happy deploying this on my /own/ network, but we plan to provide this as a
service to others whose only other option is to use MS Proxy server to
achieve the same effect using similar methods.

This is also not intended for protecting data; it is primarily to prevent
abuses by employees.  If configured correctly, the risks of this can also be
minimized. The only way to gain unauthorized access to the Internet would be
to reboot a machine that an authorized user has logged into, log in, and
connect to the outside world before the firewall notices the change.  As
long as it can be guaranteed that the information about logins does come
from the PDC (not a difficult problem), this solution should be fairly
trouble-free -- or at least as trouble-free as the MS implementation. :)

-Steve Langasek
postmodern programmer

