Windows Server - IE NTLM vulnerability?

I wrote a filter code on Tomcat to read the NTLM credentials from IE
and do a Base 64 decode and get the user-id. I noticed that when I
change IE NTLM settings to manually enter user-id and password, IE
lets me through with any user-id and does not validate the login I
enter against any source.

Is this a security hole?

  Paul Baker [MVP, Windows Desktop Experience] replied to thathu

It could be using cached credentials and automatically logging in. You
already authenticated yourself when you logged in to Windows, so this might
be okay.

I would check your "User Authentication" settings for the zone.

Paul

mirating from netware 4 to windows 2003 Windows Server hi we planning to test migration from netware 4 nds to windows 2003 Using Services for NetWare 5.03. when we do migration to windows 2003 did user & data get deleted from netware ? can we migrate some user & there data from netware 4 to windows 2003 ? Windows Server Migration Discussions Wf3058LGYuXQE69rxSK (1) CGFua2FqbWNw (1) MimeOLE (1) PY22A (1) Novell (1) Morgan (1) Tomcat (1) Xref (1) Hello pankajmcp, Have a look here about migration: http: / / www.microsoft.com happen to user in netware we want to check performance of dos base program on windows 2003 before we move to w2k3 regards pankaj Dear Customer, Thank you for using newsgroup

About windows 2008 activation process Windows Server Hi guys! i have a quick question : it is possible configure a windows server 2008 to use a proxy server (NO ISA) for complete a activation process across internet ? Thanks in advance. Windows Server Discussions Windows Server 2008 (1 Windows Server (1) MimeOLE (1) MSMail (1) TecNet (1) Darrel (1) Tomcat (1) Gorter (1) Hello Inputio, Try using VAMT that may allow you to do what is provided "AS IS" with no warranties, and confers no rights - -- -- -- -- -- -- -- -- -- - | > From: "INPUTIO" | > Subject: About windows 2008 activation process | > Date: Wed, 9 Sep 2009 14:46:23 +0200 | > Lines: 9 | > MIME

Migration SBS 2003 to NEW Windows 2003 Regular Domain (64bit Windows) Windows Server Currently, we have two separate servers, one is running SBS 2003 Premium (srv1), one is our web server running Windows 2003 standard edition (srv2), which is not part of domain We are purchasing a new server will be running Windows 2003 standard edition (64bit) (srv3) and will convert current SBS 2003 server (srv1) to Windows 2003 Standard server with exchange 2007 server. We are going to buy: For srv1, Windows 2003 standard 64bit (50CALs), exchange 2007 (50CALs) For srv3, Windows 2003 standard 64bit (no CALs required to use per user configuration), SQL server 2005 Standard

migration from windows 2000 server to windows 2003 server Windows Server my intention is to perform a migration from our server to a new windows 2003 server (on new hardware), following the steps indicated in the following guide: http: / / www.windowsreference.com / windows-2000 / how-to-migrate windows-server-2000-to-windows-server-2003-step-by-step-tutorial / my plan is to keep the SAME domain name find clear information about this and i want no surprises, so bear with me, please :) Windows Server Migration Discussions Windows Server 2003 (1) Active Directory (1) Windows Server (1) UserAgent (1

ADM files Windows Server GPO settings in GPMC is missing. I looked at c: \ Windows \ Sysvol \ Sysvol \ Domain \ Policies \ <ID> \ ADM and found that sizes of adm files there are just downloaded from Microsoft. What should i do? Can i replace these files in C: \ windows \ inf and then recreate GPO's ? - - Pagarbiai, Aurimas K. Windows Server Active Directory Discussions Windows XP (1) Outlook (1) Vista (1) GPEditDebugLevel (1) GPTextDebugLevel (1) XP (1) MSMail (1) DLLs frickelsoft.net / cms / index.php?page = mailingliste I am missing all settings in User Configuration> Windows settings> Folder redirection. So i just have to replace adm files in C: \ windows \ inf with the ones from microsoft. Am i correct ? G'day: yes - - Svyatoslav Pidgorny, MS implemented by an MMC snap-in DLL that is registered by default on a standard Windows 2000, 2003 or XP installation. Occasionally those DLLs can be un-registered or removed and