Re: Help Domain user associated to wrong Wss account
- From: "Jake Smythe" <rondican@xxxxxxxxxxx>
- Date: Mon, 8 Aug 2005 10:07:52 -0700
Charles,
Thanks for the response. We do have the perms set up as groups. We have
a top site with 3 sub sites. Both of the users are contributors of the top
site, while UserA is an admin of some subsites and UserB is just a
contributor. The problem seems to be that when UserA tried to do someting
(the local computer was logged in as UserB's domain account) the wss site
prompted for the password, as it should, since UserB didn't have the correct
permissions. Then UserA put in login and password and saved password to
access functions on wss. It seems that then the system associated UserA's
wss perms to UserB's domian account. Now while I have to educate the users,
AGAIN, not to user other peoples computers if not logged in themself, how
can I audit to verify that each domain\user is associated to each wss
domain\user?
Jake
""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:gefyFHMmFHA.2700@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Jake,
>
> Thanks for updates.
>
> I understand that you apply different permission to different user. It
> seems to be permission setting issue, as I know we did not recommend
> configure permission individually for each user which might cause some
> interruption and confusion, it is your best interest to configure the
> permission as group. For detailed configuration of permission setting, I
> suggest you refer to Windows sharepoint services administration guide:
>
>
> http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/
> stsf16.mspx
>
> As I know, if you access the content that you did not have permission, you
> will be prompt to input credential to enter into the content. It is the by
> design issue. But you refer to that User A is the administrator of couple
> of WSS subsites, and user B have full permission on some site while user A
> did not have permission on them, so I am little confuse by it. Could you
> explain it more clearly.
>
> Thanks for your understanding.
>
>
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
> | From: "Jake Smythe" <rondican@xxxxxxxxxxx>
> | References: <OsZbn56lFHA.572@xxxxxxxxxxxxxxxxxxxx>
> <#dN0hs8lFHA.3448@xxxxxxxxxxxxxxxxxxxx>
> <d1GKgB$lFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: Re: Help Domain user associated to wrong Wss account
> | Date: Wed, 3 Aug 2005 22:29:27 -0700
> | Lines: 157
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> | X-RFC2646: Format=Flowed; Original
> | Message-ID: <O1xu8VLmFHA.2656@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: cpe-66-75-236-25.san.res.rr.com 66.75.236.25
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:141359
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hello,
> |
> | Let me see if I can be clearer.
> |
> | Both DOMAIN\UserA and DOMAIN\UserB are regular domain users only
> |
> | DOMAIN\UserA is an administrator of a couple of subsites on wss
> |
> | DOMAIN\UserB is just a normal contributor on wss
> |
> | DOMAIN\UserB logs into the computer within the domain on the LAN side.
> |
> | DOMAIN\UserB has all of the perms once on the wss site of DOMAIN\UserA.
> If
> | the user tries to get to a site the DOMAIN\UserA doesn't have perms
> | DOMAIN\UserA login name comes up prompting for a password. If
> DOMAIN\UserB
> | clicks on edit personal information on site settings of wss DOMAIN\UserA
> | information shows up.
> |
> | What I think happened:
> | It seems that DOMAIN\UserB was logged into a local computer within the
> | domain. DOMAIN\UserA came to use computer and when prompted for a
> password
> | on wss they entered in DOMAIN\UserA...password and clicked save
> password.
> | Thus associating DOMAIN\UserB domain account with DOMAIN\UserA wss
> account.
> | When we changed DOMAIN\UserA domain password then the DOMAIN\UserB went
> to
> | wss and was prompted for a password, which we had
> DOMAIN\UserB...password
> | and clicked save password.
> |
> | My concern is that some other accounts might have been compromised this
> way.
> | How can we audit this verifying that the domain DOMAIN\UserZ really
> links
> to
> | DOMAIN\UserZ of wss? Hope I was clearer....
> |
> | Jake
> |
> | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
> | news:d1GKgB$lFHA.3472@xxxxxxxxxxxxxxxxxxxxxxxx
> | > Hi Jake,
> | >
> | > Thanks for using SBS newsgroup. Chad thanks for your updates.
> | >
> | > Issue description:
> | >
> | > ===========
> | >
> | > I am not sure about your issue, can I assume that you have a user
> whose
> | > permission is higher than normal domain user. If this is not your
> issue,
> | > please let me know.
> | >
> | > Analyzing and suggestions:
> | >
> | > ==========
> | >
> | > Generally speaking, we can apply domain user with different WSS
> | > permission.
> | > As I know, there are four kinds of permission, web designer web
> | > contributor, administrator, Reader. If you create a user with "Add
> user
> | > wizard" we will apply any domain user with user template and mobile
> | > template to web designer group, apply the power user and administrator
> to
> | > administrator group automatically.
> | >
> | > If you create a user via ADUC, you might have to configure the
> sharepoint
> | > role by yourself, it might cause the difference between domain users.
> | >
> | > If you want to change the permission of the existing user, you can use
> | > change permission wizard to reapply user's permission. You can
> navigate
> to
> | > the user you want to change permission, right click it and choose
> change
> | > permission. Then you can apply different template to that user to
> change
> | > the permission. Please make sure that if you apply to the existing 4
> SBS
> | > default template, the WSS permission will be applied automatically.
> | >
> | >
> | > If you have any further concerns, please let me know. I am glad to
> help
> | > you.
> | >
> | > --------------------
> | > | From: "Chad A. Gross [SBS MVP]" <chad.gross@xxxxxxxxxxxxxxxxxxxxxxx>
> | > | References: <OsZbn56lFHA.572@xxxxxxxxxxxxxxxxxxxx>
> | > | Subject: Re: Help Domain user associated to wrong Wss account
> | > | Date: Tue, 2 Aug 2005 20:31:59 -0500
> | > | Lines: 15
> | > | X-Priority: 3
> | > | X-MSMail-Priority: Normal
> | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> | > | X-RFC2646: Format=Flowed; Response
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> | > | Message-ID: <#dN0hs8lFHA.3448@xxxxxxxxxxxxxxxxxxxx>
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: ip68-99-2-40.om.om.cox.net 68.99.2.40
> | > | Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
> | > | Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windows.server.sbs:140946
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | Hi Jake -
> | > |
> | > | Are you sure this is the case, or do you just have a user who has
> higher
> | > | permissions than they should?
> | > |
> | > | Sharepoint permissions on SBS
> | > | http://msmvps.com/cgross/archive/2005/04/14/42164.aspx
> | > |
> | > | --
> | > | Chad A. Gross - SBS MVP
> | > | SBS ROCKS!
> | > |
> | > | http://msmvps.com/cgross
> | > |
> | > |
> | > |
> | >
> | >
> | >
> | > Best regards,
> | >
> | > Charles Yang (MSFT)
> | >
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | >
> | > ======================================================
> | > This newsgroup only focuses on SBS technical issues. If you have
> issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you
> check
> | > the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although
> we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> | > doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | > ======================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> | > rights.
> | >
> | >
> | > =====================================================
> | > When responding to posts, please "Reply to Group" via your newsreader
> so
> | > that others may learn and benefit from your issue.
> | > =====================================================
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
> | > rights.
> | >
> |
> |
> |
>
.
- Follow-Ups:
- Re: Help Domain user associated to wrong Wss account
- From: Robert Zahm
- Re: Help Domain user associated to wrong Wss account
- From: "Charles Yang [MSFT]"
- Re: Help Domain user associated to wrong Wss account
- References:
- Help Domain user associated to wrong Wss account
- From: Jake Smythe
- Re: Help Domain user associated to wrong Wss account
- From: Chad A. Gross [SBS MVP]
- Re: Help Domain user associated to wrong Wss account
- From: "Charles Yang [MSFT]"
- Re: Help Domain user associated to wrong Wss account
- From: Jake Smythe
- Re: Help Domain user associated to wrong Wss account
- From: "Charles Yang [MSFT]"
- Help Domain user associated to wrong Wss account
- Prev by Date: Setting up for external router
- Next by Date: Re: Companyweb Not Found after SP1
- Previous by thread: Re: Help Domain user associated to wrong Wss account
- Next by thread: Re: Help Domain user associated to wrong Wss account
- Index(es):
Relevant Pages
|
