Agreed, someone could have added "Authenticated Users" to either the "Domain Admins" group or the "Enterprise Admins" group. There are any nubmer of ways that could be done, but assume ignorance before malice.
Malware can do such things, it might be a good idea to use one of those online virus scanners, just to be on the safe side, especially if "Authenticated Users" *is* in one of the groups I mentioned. On one of our DCs "Authenticated Users" is *not* listed in the NTFS ACEs for C:\. The NTFS ACEs are: Administrators (Full Control on This folder, subfolders and files) SYSTEM (Full Control on This folder, subfolders and files) CREATOR OWNER (Full Control on Subfolders and files only) Users (Read & Execute on This folder, subfolders and files) Users (Create Folders / Append Data on This folder and subfolders) Users (Create Files / Write Data on Subfolders only) Everyeone (Read & Execute on This folder only) Christopher Boggs wrote: > If you can hit the c$ share on the DC without being prompted for a > user/pass then the account you're using must be in the Administrators > group somehow... sounds like somebody screwed up and nested the > wrong group or something. > > File permissions to the root of C: are normally wide open (hell, it > used to be "Everyone" instead of "Authenticated Users") but the catch > is that it doesn't flow down to anything else, only for the root > folder. > > I think that's all accurate... I could be wrong though. -- Phil Brutsche [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
