Re: Bypass Traverse Checking?

From: Shane Brooks (shane@floridacomputerservices.com)
Date: 01/21/03

  • Next message: Dozal, Tim: "Has this been exploited in a known virus yet?"
    From: "Shane Brooks" <shane@floridacomputerservices.com>
    To: "Williamson, Scott" <scott.williamson@htcinc.net>, <focus-ms@securityfocus.com>
    Date: Mon, 20 Jan 2003 19:10:32 -0500
    
    

    You should definately make this change. If anything, the other admin is
    confusing Anonymous access of web-pages by the IUSR_[computername] account.
    However, IIS manages the password of this account automatically and the
    account is therefore a member of "Authenticated Users", since IIS
    authenticates every page as IUSR automatically if Anonymous access is
    enabled. The only account that is affected by Everyone is the guest account
    which is disabled by default.
    Hope this helps,
    Shane
    ----- Original Message -----
    From: "Williamson, Scott" <scott.williamson@htcinc.net>
    To: <focus-ms@securityfocus.com>
    Sent: Wednesday, January 15, 2003 1:10 PM
    Subject: Bypass Traverse Checking?

    > I'm working on procedures for servers in our organization. I keep coming
    > across the recommendation to set the following on a Windows 2000 Server.
    My
    > problem is I have another administrator who believes this could cause
    > problems in IIS. What are the lists opinions? Anyone heard of this
    causing
    > problems?
    >
    > User Rights Assignment - Set "Bypass Traverse Checking" - Remove Everyone
    > and Replace with Authenticated Users.
    >
    > Thanks in advance for your time,
    >
    > Michael Scott Williamson
    > Systems Administrator