Re: Help Domain user associated to wrong Wss account

Hello,

Let me see if I can be clearer.

Both DOMAIN\UserA and DOMAIN\UserB are regular domain users only

DOMAIN\UserA is an administrator of a couple of subsites on wss

DOMAIN\UserB is just a normal contributor on wss

DOMAIN\UserB logs into the computer within the domain on the LAN side.

DOMAIN\UserB has all of the perms once on the wss site of DOMAIN\UserA. If
the user tries to get to a site the DOMAIN\UserA doesn't have perms
DOMAIN\UserA login name comes up prompting for a password. If DOMAIN\UserB
clicks on edit personal information on site settings of wss DOMAIN\UserA
information shows up.

What I think happened:
It seems that DOMAIN\UserB was logged into a local computer within the
domain. DOMAIN\UserA came to use computer and when prompted for a password
on wss they entered in DOMAIN\UserA...password and clicked save password.
Thus associating DOMAIN\UserB domain account with DOMAIN\UserA wss account.
When we changed DOMAIN\UserA domain password then the DOMAIN\UserB went to
wss and was prompted for a password, which we had DOMAIN\UserB...password
and clicked save password.

My concern is that some other accounts might have been compromised this way.
How can we audit this verifying that the domain DOMAIN\UserZ really links to
DOMAIN\UserZ of wss? Hope I was clearer....

Jake

""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:d1GKgB$lFHA.3472@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Jake,
>
> Thanks for using SBS newsgroup. Chad thanks for your updates.
>
> Issue description:
>
> ===========
>
> I am not sure about your issue, can I assume that you have a user whose
> permission is higher than normal domain user. If this is not your issue,
> please let me know.
>
> Analyzing and suggestions:
>
> ==========
>
> Generally speaking, we can apply domain user with different WSS
> permission.
> As I know, there are four kinds of permission, web designer web
> contributor, administrator, Reader. If you create a user with "Add user
> wizard" we will apply any domain user with user template and mobile
> template to web designer group, apply the power user and administrator to
> administrator group automatically.
>
> If you create a user via ADUC, you might have to configure the sharepoint
> role by yourself, it might cause the difference between domain users.
>
> If you want to change the permission of the existing user, you can use
> change permission wizard to reapply user's permission. You can navigate to
> the user you want to change permission, right click it and choose change
> permission. Then you can apply different template to that user to change
> the permission. Please make sure that if you apply to the existing 4 SBS
> default template, the WSS permission will be applied automatically.
>
>
> If you have any further concerns, please let me know. I am glad to help
> you.
>
> --------------------
> | From: "Chad A. Gross [SBS MVP]" <chad.gross@xxxxxxxxxxxxxxxxxxxxxxx>
> | References: <OsZbn56lFHA.572@xxxxxxxxxxxxxxxxxxxx>
> | Subject: Re: Help Domain user associated to wrong Wss account
> | Date: Tue, 2 Aug 2005 20:31:59 -0500
> | Lines: 15
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> | X-RFC2646: Format=Flowed; Response
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> | Message-ID: <#dN0hs8lFHA.3448@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: ip68-99-2-40.om.om.cox.net 68.99.2.40
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:140946
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hi Jake -
> |
> | Are you sure this is the case, or do you just have a user who has higher
> | permissions than they should?
> |
> | Sharepoint permissions on SBS
> | http://msmvps.com/cgross/archive/2005/04/14/42164.aspx
> |
> | --
> | Chad A. Gross - SBS MVP
> | SBS ROCKS!
> |
> | http://msmvps.com/cgross
> |
> |
> |
>
>
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>


.

Relevant Pages

  • Re: can not login
    ... If I set the user up as an Administrator rather than a Contributor then they ... > b) something in the link between their network and the one where the WSS ... >> She is a domain user, that has previously been able to login to WSS. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Help Domain user associated to wrong Wss account
    ... access functions on wss. ... > I understand that you apply different permission to different user. ... > This newsgroup only focuses on SBS technical issues. ... > |> permission is higher than normal domain user. ...
    (microsoft.public.windows.server.sbs)
  • Re: Help Domain user associated to wrong Wss account
    ... I understand that you apply different permission to different user. ... of WSS subsites, and user B have full permission on some site while user A ... This newsgroup only focuses on SBS technical issues. ... |> permission is higher than normal domain user. ...
    (microsoft.public.windows.server.sbs)
  • RE: Windows Shared File Permission error - Access Denied
    ... You have check the Effective Permission state on one of these users and take ... Consider rechecking the group membership, ... We now deleted domain user from the permissions list on the shared ...
    (microsoft.public.windows.server.general)
  • RE: Portal permissioning
    ... domain user reader/guest permission first and then provide higher permission ... level to individual users. ... > upload documents to this portal. ...
    (microsoft.public.sharepoint.portalserver)