Re: Win 2K3 server: NETWORK account seems to grant everyone access to UNC share
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 05/16/04
- Next message: Mike Kline: "Re: Script won't run"
- Previous message: Joe Richards [MVP]: "Re: Reverse Phone Number Lookup"
- In reply to: Matt G.: "Re: Win 2K3 server: NETWORK account seems to grant everyone access to UNC share"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 15 May 2004 21:06:21 -0400
You might want to go check in with one or more of the IIS or Front Page
newsgroups. They may have a workaround for you because that definitely isn't
secure that way.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net Matt G. wrote: > Thanks for the reply Joe, and sorry for double posting... > Unfortunately the FPSE automatically adds the network account to > everything, and FPSE apparently won't work without the network account > (unless I am missing something). This is definitely a problem, and i > am not sure why Microsoft designed the FPSE this way. > > > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message news:<O#L74LgOEHA.308@TK2MSFTNGP11.phx.gbl>... > >>Network means anyone connecting to the machine via the network... That is why >>anyone can access it. >> >>I am not familiar with the front page stuff so I am not sure if you truly need >>it that open or not. I would recommend trying to create a group that has the >>userids in question that you want to have access, and then give that group >>access instead of network. >> >> joe >> >>-- >>Joe Richards Microsoft MVP Windows Server Directory Services >>www.joeware.net >> >> >> >>Matt G. wrote: >> >>>I am noticing the strangest behavior on my Win2K3 server - >>>I configured a share - granted EVERYONE full control share access (as >>>recommended - limit access via NTFS). >>>Limited the NTFS permissions to 'Administrators-Full', System-'Full', >>>and Network 'Read,Execute'. >>> >>>Even with these seemingly limited permissions, I can access the share >>>with a non-admin domain user - this obviously doesn't make sense since >>>the user isn't in the admin group. I deleted the 'Network' built in >>>account, and access was denied. If Ireapply the NETWORK account, >>>access is granted. The level of access for the non-domain account >>>mimics the access level granted to the built in Network accout on the >>>share. >>> >>>The reason this is a problem is because we are trying to use Front >>>Page Server Extensions on this share... FPSE automatically adds the >>>NETWORK user to all subwebs, which then apparently grants access to >>>non-admin users, or users who don't explicitly have permissions on the >>>share. Very strange, and troubling. I hope I am just doing something >>>stupid.... >>> >>>PLease help!!! >>> >>>-Matt
- Next message: Mike Kline: "Re: Script won't run"
- Previous message: Joe Richards [MVP]: "Re: Reverse Phone Number Lookup"
- In reply to: Matt G.: "Re: Win 2K3 server: NETWORK account seems to grant everyone access to UNC share"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
