Connector / Password Update Security Issue RRS feed

  • General discussion

  • Hello,

    When I installed the WHS Connector it asked me to sync the password with the server password. This in my opinion is unexceptable that this is possible.

    That would mean that I have to give all "client" computers the WHS Password. This in turn means that everyone that has the Connector installed on their computers, knows the admin password for the WHS !!! I do not want to give my sister, or eventually son/dauchter this password, they could use this to delete files or mess around with the settings.

    Also, when for example my clever brother would get his hands on the Connector software and installs it, he can then, when he knows the admin password for the server, overwrite the password I have set using the password update !!!

    I am amazed that MS did not think of this! I suggest you make this work with the accounts. I would then just have to create an account for my sister on the server, and link the Connector to that account to make backups.

    Also, why do I need to change the password of my system to the password I have on the WHS? I do not want to type in a password everytime I start my computer. Remote Desktop Connection has the ability to save the credentials from server in order to log onto them, why not use this same system for the Connector?

    So, in order to sum things up:

    • Make the Connector login work with account credentials and not with server admin password.
    • Allow for storing account information in the same way as Remote Desktop Connection
    • Maybe give the user an option to change his system's password to that of his WHS account, or store the password in the Remote Desktop fashion, without changing his system password.

    Monday, January 14, 2008 12:44 AM

All replies

  • I think you're misunderstanding several aspects of the Windows Home Server security model.

    First, when you synchronize passwords between Windows Home Server and your client PC, you're synchronizing a user password on the client PC with a matching user's password on the server. You're not synchronizing the administrator password with anything. The users on the server are just that, users; they have only the access granted to them using the WHS Console. If you don't want your brother or sister to be able to delete files from a share, grant them read only access to that share.

    Second, while you have to enter the administrator password when installing the connector on a client PC, you don't have to give the users of that client PC that password. Without that password, it's not possible to log in to the console and change things.

    Storing passwords can be arranged, if you want to have a different username and password on your client PCs than you have on your server. The easiest way is to map drive letters to the server shares, and provide credentials for those mapped drives instead of letting Windows pass the local credentials through to the remote system. But synchronizing your local and server passwords is easier.

    As for not wanting to type in a password when you start your computer, you can set your computer to automatically log a particular user in every time the computer is started. It's insecure (much more so than synchronizing your password between the client and server), but not difficult.
    Monday, January 14, 2008 4:33 AM
  • Thanx for the fast reply!


    When it is not synchronizing the password with the WHS, then why do I need to enter the password after I installed the Connector? When I enter the password of another WHS User Account it does not work.


    So, I entered the WHS Password to continue. Then the Connector keeps bugging me about synchronizing the password. I can turn this off, but then the back-up does not seem to work. If I would synchronize the password with a WHS User password, how would it know what credentials to use? It could be possible that two user used the same password...


    This all seems very confusing and is not very well explained in the help of WHS, or maybe I am just not understanding this.


    Wouldn't it be easier to just enter the admin password after you installed the Connector, in order to connect to the WHS. And then enter the WHS User credentials you want to use for the back-up, which it then stores locally, with the option to synchronize these credentials? This would also be easier to grasp.


    The Shares is not the problem here, they work like they should. It is the back-up concept (especially the way the Connector works and what credentials get used/changed) that I don't really understand.



    Monday, January 14, 2008 12:22 PM
  • You provided the administrator password during installation of the connector because it proves you're authorized to join the machine you're installing on to the WHS you're pointing to. While that password is initially "remembered" by the console, it's not needed for normal operation, so you can choose to "forget" the WHS administrator password on any of your PCs; this will deny users of that pc who don't know that password access to the WHS console.

    The prompts to synchronize your password after installing the connector are because the connector checks your local credentials (e.g. for Glenn) with the password for a matching user on the server. If they don't match you get prompted to synchronize them. If they match, it makes for a seamless experience accessing your shares. If more than one user has the same password, it doesn't matter. The password doesn't identify the user, the user name (which must be unique) does. The password proves that the user is who he/she claims to be.

    The synchronizing of passwords shouldn't affect the backup tool. A backup should run even if the computer is sitting at the Welcome screen with nobody at all logged in.

    If you want your PC to start without a password, but you also want the benefits of a password (such as increased security and remote access through WHS if you're using an OS that supports that) you can set your PC to automatically log in as a particular user on startup, supply the credentials, and it will log in as that user. I've done that for my wife, for example.
    Monday, January 14, 2008 9:02 PM
  • Ok, I am starting to understand this, thank you very much. One more thing however. Does WHS Connector check credentials pure on username, or also the password, because if it also sets a password, and I do not have a password set, it would continue to prompt me to synchronize the password (since on the WHS you are required to add one) until I turn the update off. Is this correct?


    Monday, January 14, 2008 9:31 PM
  • As I said, a user name identifies a user. A password proves that the person currently using that name is the right person. Windows Home Server, like Windows and authentication solutions in general, needs both.
    Tuesday, January 15, 2008 4:13 AM
  • The problem I am having is that the Connector insists that the password I enter is incorrect even though I know it is. This is also not a Caps Lock or Scroll Lock issue. Any suggestions for resolving this?


    Monday, February 25, 2008 6:50 PM