Re: A method to gain access to files via built in account
- From: "Anthony" <anthony.spam@xxxxxxxxxxxxxx>
- Date: Tue, 6 Feb 2007 20:40:03 -0000
By default, no drives or folders are shared, so there is no network access
at all. When you share a drive and so make it accessible, you need to be
careful to set the access you wish to allow. Microsoft changed the default
file permissions for a new drive to be more restrictive in W2K3 than in W2K.
Anthony
www.airdesk.co.uk
<grahame.worth@xxxxxxxxxxxxxx> wrote in message
news:1170791062.999611.253440@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have noticed that discs formatted by windows 2003 server SP1
automatically give 'special read' permissions to the built in account
'local users'. This did not appear to be the case with windows 2000
server. This account is automatically added to 'domain users' when the
server joins the domain. As a result ANY authenticated user gains read
access to ALL files by default (i.e. without the user, or any other
group which user is a member being explicitly listed. As we were not
using security on shares (as recommended my Microsoft) some users
discovered that the could map shares by adding the UNC path to a word
document and hence access files which we believed they has not access
to
Am I correct that the above scenario is correct, if so then other
system could be 'hacked' via this route
.
- References:
- A method to gain access to files via built in account
- From: grahame . worth
- A method to gain access to files via built in account
- Prev by Date: Re: Windows Timer Server
- Next by Date: Re: clearing out KB* directories from /WINNT
- Previous by thread: A method to gain access to files via built in account
- Next by thread: add a domain group to local admin group
- Index(es):
Relevant Pages
|
