Focus on Microsoft
default for requiring authentication 2003 Jun 12 2008 02:45AM
Murda Mcloud (murdamcloud bigpond com) (5 replies)
RE: default for requiring authentication 2003 Jun 12 2008 06:47PM
Matt Roca (meroca peoplecube com)
RE: default for requiring authentication 2003 Jun 12 2008 05:40PM
David LeBlanc (dleblanc mindspring com)
RE: default for requiring authentication 2003 Jun 12 2008 04:38PM
Kurt Dillard (kurtdillard msn com) (1 replies)
RE: default for requiring authentication 2003 Jun 12 2008 10:22PM
Murda Mcloud (murdamcloud bigpond com) (1 replies)
Re: default for requiring authentication 2003 Jun 13 2008 02:34AM
Kevin (rot_betruger sbcglobal net) (1 replies)
Don't forget about the "Allow anonymous enumeration of SAM Accounts and
Shares" under the security -> Network Access setting. If this is
disabled (or not allowed) then the "everyone" permissions only applies
to authenticated users. I have scripts that prep a machine post image
(ghosting) and in doing so must connect to server shares. At my company
we have the setting above disabled via GPO on all servers and I must use
an encoded vbs to do:
*objShell.run net use \\sever\share password /user:domain\user *
before I can access the share... however like everyone has said before,
by default this setting is not configured so everyone (including non
authenticated users) can access the data. But I must wonder why in the
world you'd fire up a server without having this in a default server
GPO. Tisk Tisk

P.S.
I encode the vbs files since a password and user are stored in it.

Murda Mcloud wrote:
> Thanks to all for the clarification and the links. He sounded so convinced
> that I doubted myself.
>
> Kurt wrote;
>
>>> Your nemesis is thinking of older versions of Windows.
>>>
>
> Bwahaha! Moriarty is foiled again...through the deductive powers of the
> security focus list...
>
>
>>> -----Original Message-----
>>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>>> On Behalf Of Kurt Dillard
>>> Sent: Friday, June 13, 2008 2:39 AM
>>> To: 'Murda Mcloud'; focus-ms (at) securityfocus (dot) com [email concealed]
>>> Subject: RE: default for requiring authentication 2003
>>>
>>> Murda,
>>> You are correct, in Windows XP, 2003, and later the Everyone group only
>>> includes Authenticated Users, it no longer includes Anonymous Users. You
>>> can
>>> change this but Microsoft strongly recommends against doing so. Your
>>> nemesis
>>> is thinking of older versions of Windows.
>>>
>>> Kurt
>>>
>>> -----Original Message-----
>>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>>> On
>>> Behalf Of Murda Mcloud
>>> Sent: Wednesday, June 11, 2008 11:45 PM
>>> To: focus-ms (at) securityfocus (dot) com [email concealed]
>>> Subject: default for requiring authentication 2003
>>>
>>>
>>> I'm having a debate with someone over whether a 2003 server by default
>>> (OOB)forces someone to authenticate(whether to a DC or to the server
>>> itself
>>> if standalone) before allowing access to files.
>>>
>>>
>>>
>>> He seems to think that the default is that no authentication is required
>>> and
>>> consequently anyone could rock up and connect a laptop to a network with
>>> that server on it and get access to files on it-as the EVERYONE group is
>>> given read permissions to new folders etc.
>>>
>>>
>>>
>>> I say he is wrong but am looking hard to find something to back me up.
>>>
>>> I understand that the guest account could access files as it is part of
>>> the
>>> EVERYONE group but it's disabled by default-but still, there is an
>>> authentication process for guest to login
>>>
>>>
>>>
>
>
>
>

[ reply ]
RE: default for requiring authentication 2003 Jun 17 2008 01:10AM
Murda Mcloud (murdamcloud bigpond com)
RE: default for requiring authentication 2003 Jun 12 2008 04:27PM
James D. Stallard (james leafgrove com) (1 replies)
RE: default for requiring authentication 2003 Jun 12 2008 07:33PM
Kurt Dillard (kurtdillard msn com) (1 replies)
RE: default for requiring authentication 2003 Jun 13 2008 08:43AM
James D. Stallard (james leafgrove com) (1 replies)
RE: default for requiring authentication 2003 Jun 13 2008 04:25PM
Kurt Dillard (kurtdillard msn com)
RE: default for requiring authentication 2003 Jun 12 2008 04:14PM
Cawthray, Stewart (stewart cawthray td com)


 

Privacy Statement
Copyright 2010, SecurityFocus