Re: File security rights confusing
- From: "Paul" <ancientsiam@xxxxxxxxx>
- Date: Thu, 1 Feb 2007 14:56:44 +0700
The notebook user can browse all system folders, including exchange folders,
sysvol, and anything, just like the SYSTEM account on the server.
This is worrying because he can potentially change and delete system files
as well.
The notebook user is using WindowsXP. The Server is W2Ksp4.
"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:%23NlVUSdRHHA.1908@xxxxxxxxxxxxxxxxxxxxxxx
On the server:
cacls "Company Shared Folders" > c:\test.txt
F:\Company Shared Folders CRAYFISH\administrator:(OI)(CI)F
CRAYFISH\BackOffice Folder Operators:(OI)(CI)C
On the workstation:
set > c:\test.txt
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sales777\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IBM-0CA410C7F30
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sales777
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\IBM-0CA410C7F30
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=c:\valueadd\sapdb-all-win-32bit-i386-7_4_3_32\sapdb-all-win-32bit-i386-7_4_3_32\y\bin;c:\valueadd\sapdb-all-win-32bit-i386-7_4_3_32\sapdb-all-win-32bit-i386-7_4_3_32\y\pgm;C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\Downloaded Program Files;C:\IBMTOOLS\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\AppServ\Apache2.2\bin;C:\AppServ\php5;C:\AppServ\MySQL\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONCASEOK=1
PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\utils\logger
RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4
TEMP=C:\DOCUME~1\Sales777\LOCALS~1\Temp
TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4
TMP=C:\DOCUME~1\Sales777\LOCALS~1\Temp
USERDOMAIN=IBM-0CA410C7F30
USERNAME=Sales777
USERPROFILE=C:\Documents and Settings\Sales777
windir=C:\WINDOWS
net user "%UserName%" >> c:\test.txt
User name Sales777
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never
Password last set 1/20/2006 4:02 AM
Password expires Never
Password changeable 1/20/2006 4:02 AM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 2/1/2007 1:36 PM
Logon hours allowed All
Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.
The command completed successfully.
net user "%UserName%" 26January >> c:\test.txt
User name Sales777
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never
Password last set 2/1/2007 1:41 PM
Password expires Never
Password changeable 2/1/2007 1:41 PM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 2/1/2007 1:43 PM
Logon hours allowed All
Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.
net user "%UserName%" >> c:\test.txt
Z:\ <Account Domain not found>(OI)(CI)F
<Account Domain not found>(OI)(CI)C
dir \\YourServer\Shared 1>>c:\test.txt 2>>&1
Volume in drive \\CRAYFISH\Shared is data
Volume Serial Number is 008D-AA54
Directory of \\CRAYFISH\Shared
02/01/2007 01:41 PM <DIR> .
02/01/2007 01:41 PM <DIR> ..
11/10/2006 09:35 AM <DIR> 01 - HR & ADMIN
02/01/2007 08:56 AM <DIR> 02 - SALES
11/22/2005 10:31 AM <DIR> 03 - ACCOUNTS
01/26/2007 01:33 PM 477 50 - SOFTWARE.lnk
12/20/2006 12:57 PM <DIR> 99 - OTHER
02/01/2007 01:41 PM 851 net_user.txt
2 File(s) 1,328 bytes
6 Dir(s) 29,774,835,712 bytes free
Note: the &1 file handle variable returned a file locked error, so it was
omitted.
"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:uc8A9z0QHHA.4060@xxxxxxxxxxxxxxxxxxxxxxx
The notebook user is on a biz trip. Will check when he gets back and upload.
Thanks.
"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:OQTNp5RQHHA.4844@xxxxxxxxxxxxxxxxxxxxxxx
No, this is not caused by a virus but by an oversight on
your part. To track it down you must create a precise
report of your permission structure. Here is how you can
do it.
On the server:
- Open a Command Prompt.
- Navigate to the parent of the "Shared" folder.
- Type this command:
cacls Shared > c:\test.txt
- Paste the contents of this file into your reply.
On a workstation:
- Log on as a local administrator.
- Open a Command Prompt.
- Type the following commands:
set > c:\test.txt
net user "%UserName%" >> c:\test.txt
net user "%UserName%" 26January >> c:\test.txt
(This will change the password to "26January".)
- Log off, then log on again as a local administrator and
open a Command Prompt, then type these commands:
net user "%UserName%" >> c:\test.txt
dir \\YourServer\Shared 1>>c:\test.txt 2>>&1
- Paste the contents of this file into your reply.
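A scripted form of the test above, added here as an example and not part of the thread or of either poster's instructions. It runs on the workstation and opens SMB sessions to the share three ways: with the credentials of the interactive logon (what browsing in Explorer does), with the workstation's own local account presented explicitly, and with that account name plus a deliberately wrong password. Pegasus's password-change step is replaced by presenting credentials explicitly, so no account is modified. The server and share names (CRAYFISH, Shared) are taken from the output pasted in the thread but are assumptions to be adjusted; the script assumes Windows PowerShell 2.0 or later and that net.exe is on the path.

```powershell
# Added example (not from the thread). Run on the workstation, not the server.
# Shows that the server grants access on the user name / password pair it is
# presented, regardless of which machine's account database that pair lives in.
param(
    [string]$Server = 'CRAYFISH',   # assumption: file server name from the thread
    [string]$Share  = 'Shared'      # assumption: share name from the thread
)

$Unc = "\\$Server\$Share"

function Test-ShareAccess {
    # Returns $true when an SMB session to $Unc can be opened and the share
    # listed. $User is 'MACHINE\name' or 'DOMAIN\name'; an empty $User means
    # "whatever credentials the interactive logon already holds".
    param([string]$User, [string]$Password)

    # One logon session may hold only one credential set per server
    # (system error 1219 otherwise), so drop any existing connection first.
    & net.exe use $Unc /delete /y 2>&1 | Out-Null

    if ($User) {
        & net.exe use $Unc $Password /user:$User 2>&1 | Out-Null
    } else {
        & net.exe use $Unc 2>&1 | Out-Null
    }
    $ok = ($LASTEXITCODE -eq 0) -and (Test-Path -LiteralPath $Unc)

    & net.exe use $Unc /delete /y 2>&1 | Out-Null
    return $ok
}

$localAccount = "$env:COMPUTERNAME\$env:USERNAME"

# 1. Implicit credentials of the current interactive logon. If this succeeds
#    although the server's ACL names no account from this workstation, the
#    server matched the name and password against an account of its own.
$implicit = Test-ShareAccess -User '' -Password ''

# 2. The same local account presented explicitly with its real password.
$cred     = Get-Credential -Message "Password for local account $localAccount"
$explicit = Test-ShareAccess -User $localAccount `
                             -Password $cred.GetNetworkCredential().Password

# 3. Same account name, deliberately wrong password. This must fail if the
#    password is what the server is matching on.
$wrongPw  = Test-ShareAccess -User $localAccount `
                             -Password ([guid]::NewGuid().ToString())

New-Object PSObject -Property @{
    Workstation         = $env:COMPUTERNAME
    LogonAccount        = "$env:USERDOMAIN\$env:USERNAME"
    ImplicitLogonAccess = $implicit
    ExplicitSameNameOk  = $explicit
    ExplicitWrongPwOk   = $wrongPw
} | Format-List Workstation, LogonAccount, ImplicitLogonAccess, ExplicitSameNameOk, ExplicitWrongPwOk
```

Read the result as follows: ImplicitLogonAccess and ExplicitSameNameOk both True with ExplicitWrongPwOk False means the server holds an account with the same name and the same password as the workstation's local account, which is the situation Pegasus describes; the cure is different passwords (or a renamed account) on the two machines, not a change to the folder ACL. If an Explorer window to the server is open, close it first, otherwise the session it holds can mask the result of step 1.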
"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:%23TGo6JRQHHA.1016@xxxxxxxxxxxxxxxxxxxxxxx
The passwords are different though, and that's why I can't understand how the
notebook/administrator can browse folders on server under
server/administrator. Not only can they see the shared folders, but they can
browse and see all the system folders that have shares as well.
Is this a virus?
"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:OKR$CcDQHHA.4924@xxxxxxxxxxxxxxxxxxxxxxx
As I said before, only account names / passwords
matter. SIDs don't.
"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:O0t4qLDQHHA.2468@xxxxxxxxxxxxxxxxxxxxxxx
Surely the notebook\administrator has a different SID than
server\administrator?
Why does the server allow notebook\administrator to browse files and folders
that have permissions set exclusively for server\administrator?
"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:uLqEip6PHHA.140@xxxxxxxxxxxxxxxxxxxxxxx
"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:eFNIUJ6PHHA.404@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have a folder on my server called "shared" and I have set access
permissions to the domain/administrator and domain/sharedusers.
The strange thing is that any notebook in my company can browse this
folder by simply browsing the network, as long as the notebook account has
logged in as notebook/administrator, i.e. the local notebook administrator can
browse the folders on the server.
To test, if I delete the domain/administrator permissions on the network
folder, the notebook users lose their ability to browse the folders on the
server.
I had always thought that Windows 2000 server distinguishes between the
local computer admin on the notebooks, and the local computer admin on the
server?
Windows does not care if a resource is being accessed by a
local or by a domain user. If the user presents a valid
password combination then he/she is given appropriate access.