Re: SharePoint Security

From: "Steven Collier [MVP]" <steven.collier@xxxxxxxx>
Date: Tue, 12 Apr 2005 22:43:44 +0100

I think windows would still lock out the password after the given number of
attempts ?

The other option in to turn on Request Approval, after 3 goes they get
directed to a page to request approval, sending a mail to the site owner.

Steven

On 12/4/05 20:32, in article
DB1033F1-DC51-4100-A500-DB420BC38ACB@xxxxxxxxxxxxx, "Herbert"
<Herbert@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> I don't know if this has been covered here before, I've tried to search but
> no luck.
>
> I notice that a non-admin user can access
> http://Sitename/_layouts/1033/settings.aspx page. Normal user cannot
> access the links on that page, and will get prompted for username/password,
> however, they can try as many times as possible. easy target for just a
> brutal force attack. Why did MS implement this? Is there a way to block
> non-admin users from seeing settings.aspx at all (ie. they won't even get
> prompt for password and just display a 401)
>
> I'm planning on putting WSS as an internet site, it's not a very good idea
> to let others see your site setting page.
>
> Thanks a lot.

.

Follow-Ups:
- Re: SharePoint Security
  - From: Herbert

References:
- SharePoint Security
  - From: Herbert

Prev by Date: RE: Surveys
Next by Date: Re: LCS & Members Webpart
Previous by thread: SharePoint Security
Next by thread: Re: SharePoint Security
Index(es):
- Date
- Thread

Relevant Pages

Re: SharePoint Security
... I should've mention that I'm testing with WSS and using Firefox to ... > I think windows would still lock out the password after the given number of ... >> I notice that a non-admin user can access ... >> prompt for password and just display a 401) ...
(microsoft.public.sharepoint.portalserver)
Re: Permissions to Print Spooler service
... > non-admin user and I want him to be able to cycle the local Print Spooler ... Grant Users Rights to Manage Services in Windows 2000 ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
(microsoft.public.windowsxp.general)
Re: Help hardening interactive processes in Windows
... to keep them from running under a higher level accounts? ... I'm not completely sure what you mean by "running under a higher level ... Unfortunately, the Windows world has no concpet of this, and therefore, no ... "runas" to run the process as a non-admin user, ...
(Security-Basics)
SharePoint Security
... no luck. ... I notice that a non-admin user can access ... prompt for password and just display a 401) ... I'm planning on putting WSS as an internet site, it's not a very good idea ...
(microsoft.public.sharepoint.portalserver)
Running USMT Loadstate as non-admin
... loadstate as a non-admin user on a Windows XP machine. ... beta of USMT. ...
(microsoft.public.windowsxp.setup_deployment)