RE: Access Permissions

Hello Mark,

Thank you for posting here.

I'm sorry for the delay response due to the weekend.

According to your description, I understand that one local user account can
access the domain shared folders without logon domain. If I have
misunderstood the problem, please don't hesitate to let me know.

Based on my research, if the local user account has same name and password
with one domain account, the local user account can access the domain
resource. When you try to access domain shared folder, the shared folder
will ask the client for identification. The client computer will try to use
the current logon user account to do authentication. If the current logon
local user account has same user name and password with one domain user
account, the SBS will mark the authentication success.

Therefore, I suggest you look at the domain user account on SBS, find the
same user account, and rename it or change its password.

If we cannot resolve the issue after we perform the above steps, please
kindly help me collect some information for further investigation:

1. What's edition of your SBS?

2. What do you mean by "they were mapped"?

3. What do you mean by "map into a particular folder without logging in"?

4. Does this issue happen on all client computers?

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Reply-To: "Mark Mathewson" <mmathewson@xxxxxxxxxxxxx>
| From: "Mark Mathewson" <mmathewson@xxxxxxxxxxxxx>
| Subject: Access Permissions
| Date: Fri, 10 Aug 2007 11:59:01 -0400
| Lines: 8
| Organization: TeachSpin, Inc
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| X-RFC2646: Format=Flowed; Original
| Message-ID: <OSOMPd22HHA.3400@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: mail.teachspin.com 129.44.255.154
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:55776
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| The user is a an active member of the domain. They were not logged in on
| any other workstation at the time they were mapped. I can understand how
| they might be given these browse permissions in this case, butI just find
it
| odd that one can map into a particular folder without logging in, yet
have
| the authority to browse the entire domain as though they were actually
| logged in.
|
|
|

.

Relevant Pages

  • RE: Access Permissions
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... I understand that one local user account ... When you try to access domain shared folder, ...
    (microsoft.public.windows.server.sbs)
  • RE: Elevated Permissions on Vista Workstation!!
    ... You can access the shared folder with a domain user account that does not ... have the explicit ALLOW access permission on a Windows Vista client. ... please verify the access permission of that user account on the ...
    (microsoft.public.windows.server.sbs)
  • Re: XP Home
    ... >> home computers which can not access the shared folders on the SBS server ... What is the user account which you used to access the shared folder? ... please paste it in the newsgroup. ...
    (microsoft.public.windows.server.sbs)
  • can this be done easily
    ... What I would like to do is to allow all non-domain PCs to be able to access one shared folder in one of the member server within the domain using one particular user account. ... this account is also able to access shared folders that are accessible by the members in the domain users group which is something I don't want. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Can this be done without affecting current configuration
    ... What I would like to do is to allow all non-domain PCs to be able to access one shared folder in one of the member server within the domain using one particular user account. ... I removed this user from the domain users group so it only belong to the nondomainuser group. ... this account is also able to access shared folders that are accessible by the members in the domain users group which is something I don't want. ...
    (microsoft.public.windows.server.security)