Longhorn Server's "Improved" Security

An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"

Did you know?

[Anonymous Coward]

Accounts with blank passwords CANNOT be used as a network credential EVER! No remote service. No terminal server. No shares. No printer. No nothing! Since XP SP1.

Maybe not the brightest thing in a beta install (will this be in production?). But you would have to have local physical access to the server terminal to exploit this security hole.

Re:If this is true...

[From A Far Away Land]

Don't forget that it includes PVP DRM, meaning Microsoft can compell your monitor not to show video unless it's sure that you've bought a comercial video disc.

This is a beta OS. Everything can and will change.

[postbigbang]

Lots of testers and researchers give VERY LOW SCORES when passwords aren't treated like they ought to be. What with machines that can do 100,000+ dictionary attacks per second, busting weak passwords is comparative childs play.

So it's a bit specious to lob this at Microsoft, when the operating system isn't even due to be at RC for as much as a year. If you use this in production environments, you're not very wise.

Not that I particularly like Microsoft, but fair is fair-- this is far from release code.

Re:If the author is creating a new domain in Longh

[Utopia]

I should also point out that by default the machine administrator account is disabled.
So no amount of password-cracking software will let you log-in as admin.

How about

[El Lobo]

reading the fucking manual nwebie? If you are installing a server as a member of a domain, it will use the domain administrator account because the LOCAL administrator is anyway DISABLED, so there is no need to PROMPT you for a password that already exists. Gee, you don't even deserve to be in this site. Or maybe 98% of this site's users are like you?

Re:What's "Longhorn"

[Anonymous Coward]

"Longhorn Server" is still the code name for the successor to Windows Server 2003. "Longhorn" was also the code name for Windows Vista prior to them giving it a new name for marketing purposes.

        -ShadowRanger

Comment removed

[account_deleted]

Comment removed based on user account deletion