Re: Two-computer network, MSHOME is not accessible" on both

On Wed, 11 Apr 2007 15:44:36 -0700, Chuck <none@xxxxxxxxxxx> wrote:

Actually, you can put a password on Guest, just as any other account.

I was referring to a page from Microsoft's Windows XT documentation...

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/usercpl_overview.mspx?mfr=true

...., which says, "The guest account is intended for use by someone who
has no user account on the computer. There is no password for the
guest account, so the user can log on quickly to check e-mail or
browse the Internet."

I assumed that "there is no password" means "there is no password."
In retrospect I see that it could be interpreted to mean "by default,
there is no password," but that interpretation seems strained to me.
I'd hate to have to say whether Microsoft's statement is unclearly
worded or just plain wrong.

I tried to coax User Accounts into letting me define a password for
Guests, but it refused, although I am logged in as an administrative
user. Based on that, I would have said quite positively that Guest
cannot have a password. if it can, there must be some more obscure
procedure for creating one.

That's a side issue, but it reminds me that Microsoft documentation is
as likely to get me in trouble as get me out, and that even trying
something to see how it works can be misleading! Please bear this in
mind and be patient if I seem reluctant to try things or look things
up for myself.

With SFS though most people don't password protect anything.

My concern is with someone who has physical access to my computer but
does not have permission to use it -- someone hired to water my plants
while I'm away, for example. They should not have access, period.
Thus SFS is perfectly adequate.

The "natural" way to deny access would be to delete the Guest account,
but apparently it has special functions which make that impossible.
Putting a strong password on it would be less direct but equally
effective.

If you had a non-blank
password set on either computer, but not the other, you'll have a problem there.

I checked, and found that Guest is unprotected on the desktop system.
On the portable computer is turned off. This adds to my puzzlement,
because as I understand the function of Guest, turning it off on the
portable computer should prevent sharing of files ON the portable
computer by others, but should not affect sharing of files BY the
portable computer on others. Yet I observe that the reverse is true.

If you have SFS, Guest is it. Is Guest a member of "Everyone"?

Apparently not. Until you asked the question, I assumed that groups
were predefined and immutable, since there is no Control Panel applet
for managing them. Once I realized that was not true, I found the
Local Users and Groups entry in Computer Management (Local), but its
list of groups does not even include Everyone. Yet Everyone is listed
in the security setting for "Access this computer from the network."

Might the absence of a definition for Everyone (and possibly other
missing or incorrect group definitions) be at the root of my problem?
If so, how can I tell what should be defined?

(I may never know, but I also wonder how the definitions got mangled.
I did not do it, since I didn't even know one could control group
definitions until now; nor did another user, because this computer has
never had another user.)

Here are my group definitions at present:

Administrators: Administrator, and the account I normally use.
Backup Operators: none.
Guests: Guest.
Network Configuration Operators: none.
Power Users: none.
Remote Desktop Users: none.
Replicator: none.
Users: NT AUTHORITY\Authenticated Users (S-1-5-11); NT
AUTHORITY\INTERACTIVE (S-1-5-4).
HelpServicesGroup: SUPPORT_388945a0.

.

Relevant Pages

  • Re: Allowing file share browsing for un-authenticated users
    ... It seems that if I simply enable the guest account on my Server ... Guest account still allows me to enumerate file shares so that Network ...
    (microsoft.public.windows.server.general)
  • Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalatio n Vulnerabilities
    ... Portcullis Security Advisory ... CiscoWorks 2000 Priviledge Escalation Vulnerability ... Portcullis have discovered that using the default Guest account ... Portcullis have discovered that using the default Guest account which has no password set, that it is possible to elevate the Guest users privileges to the equivalent of Admin. ...
    (Bugtraq)
  • Re: Workgroup Networking Issues with 2 XP MCE
    ... Dell) to fully acess each other's files. ... I was able to access and map HP network drives on Dell, ... password to the guest account, but username is not changeable to login with a ... Type this line at a command prompt to enable the Guest account for ...
    (microsoft.public.windowsxp.network_web)
  • Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalatio n Vulnerabilities
    ... Portcullis Security Advisory ... CiscoWorks 2000 Priviledge Escalation Vulnerability ... Portcullis have discovered that using the default Guest account ... Portcullis have discovered that using the default Guest account which has no password set, that it is possible to elevate the Guest users privileges to the equivalent of Admin. ...
    (Vuln-Dev)
  • Blitzed administrator, cant get account back
    ... I've tanked my in-laws computer by creating a guest ... account. ... Console Root folder was empty. ... I can't do a system restore or open the administrators ...
    (microsoft.public.windowsxp.security_admin)
Loading