|
|
Focus on Microsoft
default for requiring authentication 2003 Jun 12 2008 02:45AM Murda Mcloud (murdamcloud bigpond com) (5 replies) RE: default for requiring authentication 2003 Jun 12 2008 05:40PM David LeBlanc (dleblanc mindspring com) RE: default for requiring authentication 2003 Jun 12 2008 04:38PM Kurt Dillard (kurtdillard msn com) (1 replies) RE: default for requiring authentication 2003 Jun 12 2008 10:22PM Murda Mcloud (murdamcloud bigpond com) (1 replies) RE: default for requiring authentication 2003 Jun 12 2008 04:27PM James D. Stallard (james leafgrove com) (1 replies) RE: default for requiring authentication 2003 Jun 12 2008 07:33PM Kurt Dillard (kurtdillard msn com) (1 replies) RE: default for requiring authentication 2003 Jun 13 2008 08:43AM James D. Stallard (james leafgrove com) (1 replies) RE: default for requiring authentication 2003 Jun 13 2008 04:25PM Kurt Dillard (kurtdillard msn com) RE: default for requiring authentication 2003 Jun 12 2008 04:14PM Cawthray, Stewart (stewart cawthray td com) |
|
Privacy Statement |
Shares" under the security -> Network Access setting. If this is
disabled (or not allowed) then the "everyone" permissions only applies
to authenticated users. I have scripts that prep a machine post image
(ghosting) and in doing so must connect to server shares. At my company
we have the setting above disabled via GPO on all servers and I must use
an encoded vbs to do:
*objShell.run net use \\sever\share password /user:domain\user *
before I can access the share... however like everyone has said before,
by default this setting is not configured so everyone (including non
authenticated users) can access the data. But I must wonder why in the
world you'd fire up a server without having this in a default server
GPO. Tisk Tisk
P.S.
I encode the vbs files since a password and user are stored in it.
Murda Mcloud wrote:
> Thanks to all for the clarification and the links. He sounded so convinced
> that I doubted myself.
>
> Kurt wrote;
>
>>> Your nemesis is thinking of older versions of Windows.
>>>
>
> Bwahaha! Moriarty is foiled again...through the deductive powers of the
> security focus list...
>
>
>>> -----Original Message-----
>>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>>> On Behalf Of Kurt Dillard
>>> Sent: Friday, June 13, 2008 2:39 AM
>>> To: 'Murda Mcloud'; focus-ms (at) securityfocus (dot) com [email concealed]
>>> Subject: RE: default for requiring authentication 2003
>>>
>>> Murda,
>>> You are correct, in Windows XP, 2003, and later the Everyone group only
>>> includes Authenticated Users, it no longer includes Anonymous Users. You
>>> can
>>> change this but Microsoft strongly recommends against doing so. Your
>>> nemesis
>>> is thinking of older versions of Windows.
>>>
>>> Kurt
>>>
>>> -----Original Message-----
>>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>>> On
>>> Behalf Of Murda Mcloud
>>> Sent: Wednesday, June 11, 2008 11:45 PM
>>> To: focus-ms (at) securityfocus (dot) com [email concealed]
>>> Subject: default for requiring authentication 2003
>>>
>>>
>>> I'm having a debate with someone over whether a 2003 server by default
>>> (OOB)forces someone to authenticate(whether to a DC or to the server
>>> itself
>>> if standalone) before allowing access to files.
>>>
>>>
>>>
>>> He seems to think that the default is that no authentication is required
>>> and
>>> consequently anyone could rock up and connect a laptop to a network with
>>> that server on it and get access to files on it-as the EVERYONE group is
>>> given read permissions to new folders etc.
>>>
>>>
>>>
>>> I say he is wrong but am looking hard to find something to back me up.
>>>
>>> I understand that the guest account could access files as it is part of
>>> the
>>> EVERYONE group but it's disabled by default-but still, there is an
>>> authentication process for guest to login
>>>
>>>
>>>
>
>
>
>
[ reply ]