Wasn't necessarily stating a should/shoudn't - was stating my expectations and understanding, which was clearly faulty.
On Tue, Jun 14, 2011 at 08:52, Ken Schaefer <[email protected]> wrote: > LocalSystem has full control over the local machine, and can authenticate as > machinename$ to remote machines (which is what would be required for services > that are running as LocalSystem but need to access remote machines, without > some proxy process). Additionally for LocalSystem to access shares on the > same machine, it would still have full control (unless you change the perms). > Anyhoo, the previous is merely technical limitations - i.e. what is possible. > Am still curious to know why it shouldn't have that access. > > Cheers > Ken > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Tuesday, 14 June 2011 10:41 PM > To: NT System Admin Issues > Subject: Re: User accounts for shared folders > > I expected that System would have access to shares because they are normally > for network access, and according to everything I've read, System doesn't > have that. AFAIK, System is only for access to resources local to the machine. > > Someone else noted that System is used in DFS (FRS), which is surprising to > me, but I don't think he'd be joshing me, so I believe him, because I have > never had cause to use DFS. > > Now, if System can access shares that are local to the machine, that's > perhaps not quite as surprising, but does seem a fairly odd way of doing > things. > > Kurt > > On Tue, Jun 14, 2011 at 04:45, Ken Schaefer <[email protected]> wrote: >> Why shouldn't "system" talk to shares? >> >> Cheers >> Ken >> >> -----Original Message----- >> From: Kurt Buff [mailto:[email protected]] >> Sent: Tuesday, 14 June 2011 3:55 AM >> To: NT System Admin Issues >> Subject: Re: User accounts for shared folders >> >> Why would you do that, when System isn't supposed to be able to talk to >> shares? Has something changed drastically in later versions of of Windows, >> that is, after Win2k3? >> >> On Mon, Jun 13, 2011 at 12:45, Crawford, Scott <[email protected]> wrote: >>> System on share permissions may be rare, but its certainly not out of the >>> question. I've got share permissions that specify System. >>> >>> -----Original Message----- >>> From: Kurt Buff [mailto:[email protected]] >>> Sent: Monday, June 13, 2011 2:42 PM >>> To: NT System Admin Issues >>> Subject: Re: User accounts for shared folders >>> >>> On Mon, Jun 13, 2011 at 10:57, Tammy Stewart >>> <[email protected]> wrote: >>>> Ran into something interesting today t-shooting a virus issue on a network. >>>> >>>> On every share there is no system account listed. Only Domain admins >>>> & domain users. >>>> >>>> My google kung-fu seems to be lacking today but is there >>>> anything/reason why the system account would not show up? >>>> >>>> System account does exist on the machine – non shared directories have it. >>>> Just the shares that seem affected. >>>> >>>> Windows 2003 domain (if that makes any difference) >>>> >>>> Not just the system with infected files on the shares – all the >>>> servers are like this including clean ones (that have not been >>>> touched by the virus yet) >>>> >>>> Anyone have any kb articles or something I can look at that would >>>> explain this? (and hopefully put them back to normal) >>>> >>>> Thanks! >>>> >>>> Tammy > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
