Re: Help Domain user associated to wrong Wss account



Hi Jake,

Thanks for updates.

As I know, if we create the user account via the "add user wizard", the WSS
permission will be configured according to the default setting. Since users also
change the permission on the WSS sites, the permission will be related to the
WSS setting. After discussing with our DEV team, we cannot use SBS audit
to audit the permission on WSS sites; it should be a WSS permission issue.
I suggest you check the documents I refer to. I will also try my best to
help you find if there are any audit tools on the WSS side. As I know, there is
no direct relation between WSS permission and SBS users.

Thanks for understanding on this issue.



Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
| From: "Jake Smythe" <rondican@xxxxxxxxxxx>
| Subject: Re: Help Domain user associated to wrong Wss account
| Date: Mon, 8 Aug 2005 10:07:52 -0700
| Newsgroups: microsoft.public.windows.server.sbs
|
| Charles,
|
| Thanks for the response. We do have the perms set up as groups. We have
| a top site with 3 sub sites. Both of the users are contributors of the top
| site, while UserA is an admin of some subsites and UserB is just a
| contributor. The problem seems to be that when UserA tried to do something
| (the local computer was logged in as UserB's domain account) the wss site
| prompted for the password, as it should, since UserB didn't have the correct
| permissions. Then UserA put in login and password and saved password to
| access functions on wss. It seems that then the system associated UserA's
| wss perms to UserB's domain account. Now while I have to educate the users,
| AGAIN, not to use other people's computers if not logged in themselves, how
| can I audit to verify that each domain\user is associated to each wss
| domain\user?
|
| Jake
|
|
|
|
| ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:gefyFHMmFHA.2700@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi Jake,
| >
| > Thanks for updates.
| >
| > I understand that you apply different permission to different user. It
| > seems to be a permission setting issue. As I know, we did not recommend
| > configuring permission individually for each user, which might cause some
| > interruption and confusion; it is in your best interest to configure the
| > permission as group. For detailed configuration of permission setting, I
| > suggest you refer to Windows sharepoint services administration guide:
| >
| > http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsf16.mspx
| >
| > As I know, if you access the content that you did not have permission for,
| > you will be prompted to input credentials to enter into the content. It is
| > a by-design issue. But you refer to that User A is the administrator of a
| > couple of WSS subsites, and user B has full permission on some site while
| > user A did not have permission on them, so I am a little confused by it.
| > Could you explain it more clearly?
| >
| > Thanks for your understanding.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| >
| > --------------------
| > | From: "Jake Smythe" <rondican@xxxxxxxxxxx>
| > | Subject: Re: Help Domain user associated to wrong Wss account
| > | Date: Wed, 3 Aug 2005 22:29:27 -0700
| > | Newsgroups: microsoft.public.windows.server.sbs
| > |
| > | Hello,
| > |
| > | Let me see if I can be clearer.
| > |
| > | Both DOMAIN\UserA and DOMAIN\UserB are regular domain users only
| > |
| > | DOMAIN\UserA is an administrator of a couple of subsites on wss
| > |
| > | DOMAIN\UserB is just a normal contributor on wss
| > |
| > | DOMAIN\UserB logs into the computer within the domain on the LAN side.
| > |
| > | DOMAIN\UserB has all of the perms once on the wss site of DOMAIN\UserA.
| > | If the user tries to get to a site the DOMAIN\UserA doesn't have perms
| > | DOMAIN\UserA login name comes up prompting for a password. If DOMAIN\UserB
| > | clicks on edit personal information on site settings of wss DOMAIN\UserA
| > | information shows up.
| > |
| > | What I think happened:
| > | It seems that DOMAIN\UserB was logged into a local computer within the
| > | domain. DOMAIN\UserA came to use computer and when prompted for a password
| > | on wss they entered in DOMAIN\UserA...password and clicked save password.
| > | Thus associating DOMAIN\UserB domain account with DOMAIN\UserA wss account.
| > | When we changed DOMAIN\UserA domain password then the DOMAIN\UserB went to
| > | wss and was prompted for a password, which we had DOMAIN\UserB...password
| > | and clicked save password.
| > |
| > | My concern is that some other accounts might have been compromised this way.
| > | How can we audit this verifying that the domain DOMAIN\UserZ really links to
| > | DOMAIN\UserZ of wss? Hope I was clearer....
| > |
| > | Jake
| > |
| > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | news:d1GKgB$lFHA.3472@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hi Jake,
| > | >
| > | > Thanks for using SBS newsgroup. Chad thanks for your updates.
| > | >
| > | > Issue description:
| > | >
| > | > ===========
| > | >
| > | > I am not sure about your issue. Can I assume that you have a user whose
| > | > permission is higher than a normal domain user? If this is not your issue,
| > | > please let me know.
| > | >
| > | > Analyzing and suggestions:
| > | >
| > | > ==========
| > | >
| > | > Generally speaking, we can apply domain user with different WSS permission.
| > | > As I know, there are four kinds of permission: web designer, web
| > | > contributor, administrator, Reader. If you create a user with "Add user
| > | > wizard" we will apply any domain user with user template and mobile
| > | > template to web designer group, apply the power user and administrator to
| > | > administrator group automatically.
| > | >
| > | > If you create a user via ADUC, you might have to configure the sharepoint
| > | > role by yourself; it might cause the difference between domain users.
| > | >
| > | > If you want to change the permission of the existing user, you can use
| > | > change permission wizard to reapply user's permission. You can navigate to
| > | > the user you want to change permission, right click it and choose change
| > | > permission. Then you can apply different template to that user to change
| > | > the permission. Please make sure that if you apply to the existing 4 SBS
| > | > default template, the WSS permission will be applied automatically.
| > | >
| > | >
| > | > If you have any further concerns, please let me know. I am glad to help
| > | > you.
| > | >
| > | > --------------------
| > | > | From: "Chad A. Gross [SBS MVP]" <chad.gross@xxxxxxxxxxxxxxxxxxxxxxx>
| > | > | Subject: Re: Help Domain user associated to wrong Wss account
| > | > | Date: Tue, 2 Aug 2005 20:31:59 -0500
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > |
| > | > | Hi Jake -
| > | > |
| > | > | Are you sure this is the case, or do you just have a user who has higher
| > | > | permissions than they should?
| > | > |
| > | > | Sharepoint permissions on SBS
| > | > | http://msmvps.com/cgross/archive/2005/04/14/42164.aspx
| > | > |
| > | > | --
| > | > | Chad A. Gross - SBS MVP
| > | > | SBS ROCKS!
| > | > |
| > | > | http://msmvps.com/cgross
| > | > |
| > | > |
| > | > |
| > | >
| > | >
| > | >
| > | > Best regards,
| > | >
| > | > Charles Yang (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | >
| > |
| > |
| > |
| >
|
|
|
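
Added example (not part of the original thread, and not a Microsoft or SBS tool): one way to approach the audit Jake asks about is to compare the account IIS records for each WSS request (the cs-username field of the W3C extended log) with the account expected at the workstation the request came from (c-ip). The log lines, IP addresses and the workstation-to-user inventory below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of an IIS W3C extended log for the WSS site (not real data).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2005-08-08 09:01:12 192.168.16.21 DOMAIN\\UserA GET /default.aspx 200
2005-08-08 09:02:40 192.168.16.22 - GET /default.aspx 401
2005-08-08 09:02:41 192.168.16.22 DOMAIN\\UserA GET /default.aspx 200
2005-08-08 09:05:03 192.168.16.23 DOMAIN\\UserC GET /sub1/default.aspx 200
"""

# Hypothetical inventory: the domain account expected at each workstation IP.
EXPECTED = {
    "192.168.16.21": "DOMAIN\\UserA",
    "192.168.16.22": "DOMAIN\\UserB",
    "192.168.16.23": "DOMAIN\\UserC",
}


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def audit(text, expected):
    """Return (client_ip, expected_account, seen_account) for every mismatch."""
    seen = defaultdict(set)
    for row in parse_w3c(text):
        user = row["cs-username"]
        if user != "-":  # "-" is an unauthenticated request (e.g. the first 401)
            seen[row["c-ip"]].add(user.lower())  # account names are case-insensitive
    findings = []
    for ip, users in sorted(seen.items()):
        want = expected.get(ip, "").lower()
        for user in sorted(users):
            if user != want:
                findings.append((ip, want or None, user))
    return findings


if __name__ == "__main__":
    for ip, want, got in audit(SAMPLE_LOG, EXPECTED):
        print(f"{ip}: expected {want}, WSS request authenticated as {got}")
```

A mismatch only shows that the workstation presented a different account to the site; the saved password itself still has to be removed from that user's profile on the workstation.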
