Re: Unwanted share access despite security settings
From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 07/28/04
- Previous message: Freddie: "Re: Only CPU Utilization"
- In reply to: Titus van Houwelingen: "Unwanted share access despite security settings"
- Next in thread: Steven L Umbach: "Re: Unwanted share access despite security settings"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 28 Jul 2004 22:12:24 +0200
Hi,
your first scenario can be explained like this.
User (MrX) has password (MrXpass) on domain. He has same username (MrX) and
password (MrXpass) on his local computer. When he tries to access resource
on domain from his PC, Windows will automatically send his username (MrX)
and password (MrXpass) to domain. Since such user exist and has correct
password, he is granted access. Well in company where I work I am the only
Mike and that is what my username is. If there was another one I guess his
username was Mike1, but I don't think there is much chance that we would
have exactly same password (unless password is password)... :-). If the case
is that two users have same password at the same time then these password
are note secure enough (e.g. not Pass Phrases). I recently did an audit of
450 user accounts for the customer and not 2 passwords were the same...
On XP was network share mapped manually?
Who are other users of group ABC?
I hope this helps,
Mike
"Titus van Houwelingen" <titusnntp@hotmail.com> wrote in message
news:410800af$0$62379$5fc3050@dreader2.news.tiscali.nl...
> Hello,
>
> I have a share on a W2K Advanced server with active directory.
> Permissions on the share are for a group ABC (defined in Active
Directory).
> NTFS security is full acces for 'everyone'.
>
> A user MrX belongs to group ABC.
>
> Whe MrX log on LOCALLY on a NT4 machine and this local account has the
same
> username/password he can access the share. I think this shouldn't be
> possibble because the group is a domain group. And no explicit access for
> MrX has been defined on the share, only the ABC group. Nothing else.
>
> It gets worse: when he uses WinXP professional, and he has a LOCAL account
> with the same name but with an EMPTY password, he gets access to the share
> when he logs on LOCALLY!
>
> The guest account is disabled.
>
> I must be doing something stupid. Can anyone please tell me what could be
> the problem?
>
> Thanks in advance,
> Titus
>
>
>
>
- Previous message: Freddie: "Re: Only CPU Utilization"
- In reply to: Titus van Houwelingen: "Unwanted share access despite security settings"
- Next in thread: Steven L Umbach: "Re: Unwanted share access despite security settings"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
