Re: default for requiring authentication 2003

Fri, 13 Jun 2008 08:11:05 -0700

Don't forget about the "Allow anonymous enumeration of SAM Accounts and Shares" under the security -> Network Access setting. If this is disabled (or not allowed) then the "everyone" permissions only applies to authenticated users. I have scripts that prep a machine post image (ghosting) and in doing so must connect to server shares. At my company we have the setting above disabled via GPO on all servers and I must use an encoded vbs to do: 
*objShell.run net use \\sever\share password /user:domain\user *
before I can access the share... however like everyone has said before, by default this setting is not configured so everyone (including non authenticated users) can access the data. But I must wonder why in the world you'd fire up a server without having this in a default server GPO. Tisk Tisk 

P.S.
I encode the vbs files since a password and user are stored in it.

Murda Mcloud wrote:

Thanks to all for the clarification and the links. He sounded so convinced
that I doubted myself.

Kurt wrote;

  

Your nemesis is thinking of older versions of Windows.

      


Bwahaha! Moriarty is foiled again...through the deductive powers of the
security focus list...


  

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Kurt Dillard
Sent: Friday, June 13, 2008 2:39 AM
To: 'Murda Mcloud'; [email protected]
Subject: RE: default for requiring authentication 2003

Murda,
You are correct, in Windows XP, 2003, and later the Everyone group only
includes Authenticated Users, it no longer includes Anonymous Users. You
can
change this but Microsoft strongly recommends against doing so. Your
nemesis
is thinking of older versions of Windows.

Kurt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
Behalf Of Murda Mcloud
Sent: Wednesday, June 11, 2008 11:45 PM
To: [email protected]
Subject: default for requiring authentication 2003


I'm having a debate with someone over whether a 2003 server by default
(OOB)forces someone to authenticate(whether to a DC or to the server
itself
if standalone) before allowing access to files.



He seems to think that the default is that no authentication is required
and
consequently anyone could rock up and connect a laptop to a network with
that server on it and get access to files on it-as the EVERYONE group is
given read permissions to new folders etc.



I say he is wrong but am looking hard to find something to back me up.

I understand that the guest account could access files as it is part of
the
EVERYONE group but it's disabled by default-but still, there is an
authentication process for guest to login



      





  
























					Reply via email to