On Friday 13 February 2015 14:42:09 Chris Murphy wrote:
Do you not see how your password policy defend hinges on grandiose
assumptions? I have many devices lying around without any information
on them, they're used strictly for testing, so there isn't anything
but an OS and some cache files for ycombinator and cnn, BFD. Oh but I
need to use strong passwords because someone ELSE might be an idiot
and have sensitive information on their laptop. So you are drawing me
into becoming responsible for other people's behavior too. Everyone is
baby sitting users who don't give a crap.
you should take a look at traffic laws, they all are about "someone ELSE might
be an idiot"
If you know you will be using the device for testing then just change the
password post-install to something simple.
The vast majority of people won't be using the installations just for testing.
First, sshd is not a security feature, it's a remote connection
service and increases the attack surface. Disable that. It has a lower
burden on more people, and it's also an expected burden for anyone
come from other enterprise cultures. The idea a Windows Server would
have remote services enabled by default? I think most any hard core
Windows sysadmin who also doesn't make bad excuses for Microsoft would
admit this could be a liability lawsuit waiting to happen if they were
to do that. That's how bad an idea it is.
but they do
you can certainly run commands remotely on a Windows Server system as soon as
you connect it to a domain, just because the remote GUI login is disabled
doesn't make remote services and administration disabled