Re: windows new users?
- From: tech guy <techguy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 13 Jun 2009 10:48:01 -0700
To add to my last post, I think you are wrong, John. Remote assistance doesn't
use these 2 accounts to work/login. This feature only requests assistance but
doesn't use any accounts at all. To log in and fulfill the remote assistance,
the users use their real accounts themselves (approved, authorised and then
configured, which is under the "remote desktop" group account) to log in.
The only thing that you mentioned right is that these 2 security identities ONLY use
the winlogon.exe process to log in to the system, and this is discouraged because it
will allow the account creator or anyone who knows the password of these 2
accounts to log on, which may result in unauthorised system login (a big
security problem).
Unless you or some other Windows experts (best if some Microsoft Windows
programmer can help) can tell me SPECIFICALLY some RREEAAAAALLLLLY SPECIAL
reason(s), most likely I would think of it as a big security issue and delete
these useless accounts right after the system is installed and
advise everyone else to do the same thing as me.
"John John - MVP" wrote:
Sooner or later you *will* have problems with your Server 2003
installation if you remove these groups, you will have problems with
many of your server tools if the Authenticated Users group is not
present. With the ever increasing push to secure and lock down machines
those without the Authenticated Users group will hit into a brick wall!
On Vista and Server 2008 removing the Authenticated Users may prevent
Explorer.exe from starting. On Windows XP some remote services will not
work, for example you will not be able to receive remote assistance if
you remove the Authenticated Users group. This Authenticated Users
group was created to plug security holes with the Null Sessions, see
here for more explanations:
http://www.microsoft.com/msj/0299/security/security0299.aspx
Security Briefs Q&A, MSJ February 1999
John
cscw wrote:
hi
[Quote]
The Authenticated Users group is the same as the Everyone group except it does not contain anonymous users.
[end quote]
http://tinyurl.com/l5m8bv
John
Are you sure? I want to know WHY Microsoft is configuring those 2 types
of users (which look like a group since they are named "authenticated
users"/"interactive" but are actually just some security principal USER) to
log in to the system?
From your answers above, isn't it a big security bug (because those are
actually "everyone") if your explanation is true?
[quote]
logons. Which applications do users use that requires users to be
members of these security principals? If you aren't a member of these
groups you cannot use Winlogon.exe and you cannot logon to the computer!
[end quote]
From your answer above, after they use winlogon.exe to log in, which
application are they trying to use? WHY is Microsoft MAKING them log on BY
DEFAULT?? Isn't that a SECURITY BUG because Microsoft is making some "unauthorised
users" log on by default??
PS: I have already told you that all real user accounts can still log in
even if these 2 accounts are deleted.
Can some windows experts help to advise?
Thanks for the help.