RE: Bypass Traverse Checking?
From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 01/24/03
- Previous message: Laura A. Robinson: "RE: Bypass Traverse Checking?"
- In reply to: Shane Brooks: "Re: Bypass Traverse Checking?"
- Next in thread: Shane Brooks: "Fw: Bypass Traverse Checking?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Laura A. Robinson" <larobins@bellatlantic.net> To: "'Shane Brooks'" <shane@floridacomputerservices.com>, "'Williamson, Scott'" <scott.williamson@htcinc.net>, <focus-ms@securityfocus.com> Date: Fri, 24 Jan 2003 02:35:53 -0500
Everyone also affects Anonymous- In Windows 2000 and earlier, Everyone
includes the Anonymous account. In Windows Server 2003, there is a
separation of the Anonymous account from the Everyone group. Where there
would be an effect from this is in establishment of null connections to
servers- null connection settings relate to what can be done with
"unidentified" connections.
As a side note, RestrictAnonymous=2 is no longer supported in Windows Server
2003.
Laura
> -----Original Message-----
> From: Shane Brooks [mailto:shane@floridacomputerservices.com]
> Sent: Monday, January 20, 2003 7:11 PM
> To: Williamson, Scott; focus-ms@securityfocus.com
> Subject: Re: Bypass Traverse Checking?
>
>
> You should definately make this change. If anything, the
> other admin is confusing Anonymous access of web-pages by the
> IUSR_[computername] account. However, IIS manages the
> password of this account automatically and the account is
> therefore a member of "Authenticated Users", since IIS
> authenticates every page as IUSR automatically if Anonymous
> access is enabled. The only account that is affected by
> Everyone is the guest account which is disabled by default.
> Hope this helps, Shane
> ----- Original Message -----
> From: "Williamson, Scott" <scott.williamson@htcinc.net>
> To: <focus-ms@securityfocus.com>
> Sent: Wednesday, January 15, 2003 1:10 PM
> Subject: Bypass Traverse Checking?
>
>
> > I'm working on procedures for servers in our organization. I keep
> > coming across the recommendation to set the following on a Windows
> > 2000 Server.
> My
> > problem is I have another administrator who believes this
> could cause
> > problems in IIS. What are the lists opinions? Anyone heard of this
> causing
> > problems?
> >
> > User Rights Assignment - Set "Bypass Traverse Checking" - Remove
> > Everyone and Replace with Authenticated Users.
> >
> > Thanks in advance for your time,
> >
> > Michael Scott Williamson
> > Systems Administrator
>
- Next message: Ed Sunder: "Re: Stopping Admin Alert SPAM"
- Previous message: Laura A. Robinson: "RE: Bypass Traverse Checking?"
- In reply to: Shane Brooks: "Re: Bypass Traverse Checking?"
- Next in thread: Shane Brooks: "Fw: Bypass Traverse Checking?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
