--R
--
Randy Hall MCSA, MCSE (randy.hall (at) intel (dot) com [email concealed])
Network/Web Manager, Corporate Demos
Intel Corporation, Santa Clara, CA USA
All views expressed herein are MINE MINE MINE!!!
-----Original Message-----
From: Laura A. Robinson [mailto:larobins (at) bellatlantic (dot) net [email concealed]]
Sent: Friday, January 24, 2003 5:35 AM
To: 'Shane Brooks'; 'Williamson, Scott'; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Bypass Traverse Checking?
As an additional item, since I've been challenged on this one via
e-mail, I
would encourage reading of this:
Particularly this:
"Note
For anonymous access to be available for Internet users, anonymous
access
must be enabled on the Internet Information Services (IIS) Web server."
Again, note that Authenticated users does _not_ include anonymous.
Laura
> -----Original Message-----
> From: Shane Brooks [mailto:shane (at) floridacomputerservices (dot) com [email concealed]]
> Sent: Monday, January 20, 2003 7:11 PM
> To: Williamson, Scott; focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: Bypass Traverse Checking?
>
>
> You should definately make this change. If anything, the
> other admin is confusing Anonymous access of web-pages by the
> IUSR_[computername] account. However, IIS manages the
> password of this account automatically and the account is
> therefore a member of "Authenticated Users", since IIS
> authenticates every page as IUSR automatically if Anonymous
> access is enabled. The only account that is affected by
> Everyone is the guest account which is disabled by default.
> Hope this helps, Shane
> ----- Original Message -----
> From: "Williamson, Scott" <scott.williamson (at) htcinc (dot) net [email concealed]>
> To: <focus-ms (at) securityfocus (dot) com [email concealed]>
> Sent: Wednesday, January 15, 2003 1:10 PM
> Subject: Bypass Traverse Checking?
>
>
> > I'm working on procedures for servers in our organization. I keep
> > coming across the recommendation to set the following on a Windows
> > 2000 Server.
> My
> > problem is I have another administrator who believes this
> could cause
> > problems in IIS. What are the lists opinions? Anyone heard of this
> causing
> > problems?
> >
> > User Rights Assignment - Set "Bypass Traverse Checking" - Remove
> > Everyone and Replace with Authenticated Users.
> >
> > Thanks in advance for your time,
> >
> > Michael Scott Williamson
> > Systems Administrator
>
dangerous assertions being made.
A very good web article that clears the distinction between Everyone,
Users, and Authenticated Users is at:
http://www.windowswebsolutions.com/Articles/Index.cfm?ArticleID=23581
I read it and agree with its findings.
Cheers,
--R
--
Randy Hall MCSA, MCSE (randy.hall (at) intel (dot) com [email concealed])
Network/Web Manager, Corporate Demos
Intel Corporation, Santa Clara, CA USA
All views expressed herein are MINE MINE MINE!!!
-----Original Message-----
From: Laura A. Robinson [mailto:larobins (at) bellatlantic (dot) net [email concealed]]
Sent: Friday, January 24, 2003 5:35 AM
To: 'Shane Brooks'; 'Williamson, Scott'; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Bypass Traverse Checking?
As an additional item, since I've been challenged on this one via
e-mail, I
would encourage reading of this:
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?u
rl=/
windows2000/techinfo/reskit/en-us/distrib/dsbc_nar_lmxa.asp
or
http://tinyurl.com/4ubt
Particularly this:
"Note
For anonymous access to be available for Internet users, anonymous
access
must be enabled on the Internet Information Services (IIS) Web server."
Again, note that Authenticated users does _not_ include anonymous.
Laura
> -----Original Message-----
> From: Shane Brooks [mailto:shane (at) floridacomputerservices (dot) com [email concealed]]
> Sent: Monday, January 20, 2003 7:11 PM
> To: Williamson, Scott; focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: Bypass Traverse Checking?
>
>
> You should definately make this change. If anything, the
> other admin is confusing Anonymous access of web-pages by the
> IUSR_[computername] account. However, IIS manages the
> password of this account automatically and the account is
> therefore a member of "Authenticated Users", since IIS
> authenticates every page as IUSR automatically if Anonymous
> access is enabled. The only account that is affected by
> Everyone is the guest account which is disabled by default.
> Hope this helps, Shane
> ----- Original Message -----
> From: "Williamson, Scott" <scott.williamson (at) htcinc (dot) net [email concealed]>
> To: <focus-ms (at) securityfocus (dot) com [email concealed]>
> Sent: Wednesday, January 15, 2003 1:10 PM
> Subject: Bypass Traverse Checking?
>
>
> > I'm working on procedures for servers in our organization. I keep
> > coming across the recommendation to set the following on a Windows
> > 2000 Server.
> My
> > problem is I have another administrator who believes this
> could cause
> > problems in IIS. What are the lists opinions? Anyone heard of this
> causing
> > problems?
> >
> > User Rights Assignment - Set "Bypass Traverse Checking" - Remove
> > Everyone and Replace with Authenticated Users.
> >
> > Thanks in advance for your time,
> >
> > Michael Scott Williamson
> > Systems Administrator
>
[ reply ]