• Just a brief update on the Windows Zero Configuration

    I did an Ethereal capture after installing SP2 and all updates and patches, and there it was, the user id and company name in plain text. My concern is, if ?¡é?€??Johnny Hacker?¡é?€?? is really serious, there is enough software out there to brute-force or dictionary-crack the password. So even though SP2 fixes most of the known security issues, the user id is still wide open.

    Sanjay, could you please send me the information on how to use the config utility to push out a single config to multiple clients, and also how to do it in AD? Since I will be stuck with this WZC I might as well learn how to make the best of it.

    Thanks again to everyone.

    Atlanta GA

  • Hope it is OK to answer a few questions.

    First if you are referring to the AD log on password, that is very well protected through the use of Kerberos.

    I was curious as to if you have policy setting enabled that removes the previous username from the log on window?

    I also have linked what are quite good sources of information as how to setup wireless setting in Group Policy.

  • cforbes - What authentication mechanism are you using that has allowed you to capture the Username in plaintext? Are you sure that you have a WZC issue here and not a EAP issue? Did you do the same capture using the Odyssey client to check if there was a difference? I would be interested in having a look at the captures if of course you dont mind sending them.

    With regard to using the config utility, you dont push the configs out. You can use the wizard to create a profile, save this somewhere and then import this to the other clients. Im afraid i dont have any good config sources.

Page 2 of 2