RE: Bypass Traverse Checking?

From: Hall, Randy (randy.hall@intel.com)
Date: 01/24/03

    Date: Fri, 24 Jan 2003 09:27:45 -0800
    From: "Hall, Randy" <randy.hall@intel.com>
    To: <focus-ms@securityfocus.com>
    
    

    I thought I would weigh in on this discussion, mostly because I see some
    dangerous assertions being made.

    A very good web article that clears the distinction between Everyone,
    Users, and Authenticated Users is at:

    http://www.windowswebsolutions.com/Articles/Index.cfm?ArticleID=23581

    I read it and agree with its findings.

    Cheers,

    --R

    --
    Randy Hall MCSA, MCSE (randy.hall@intel.com)
    Network/Web Manager, Corporate Demos
    Intel Corporation, Santa Clara, CA USA
    All views expressed herein are MINE MINE MINE!!!
    -----Original Message-----
    From: Laura A. Robinson [mailto:larobins@bellatlantic.net] 
    Sent: Friday, January 24, 2003 5:35 AM
    To: 'Shane Brooks'; 'Williamson, Scott'; focus-ms@securityfocus.com
    Subject: RE: Bypass Traverse Checking?
    As an additional item, since I've been challenged on this one via
    e-mail, I would encourage reading of this:
    http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/distrib/dsbc_nar_lmxa.asp
    or
    http://tinyurl.com/4ubt
    Particularly this:
    "Note
    For anonymous access to be available for Internet users, anonymous
    access must be enabled on the Internet Information Services (IIS) Web
    server."
    Again, note that Authenticated users does _not_ include anonymous.
    Laura
    > -----Original Message-----
    > From: Shane Brooks [mailto:shane@floridacomputerservices.com] 
    > Sent: Monday, January 20, 2003 7:11 PM
    > To: Williamson, Scott; focus-ms@securityfocus.com
    > Subject: Re: Bypass Traverse Checking?
    > 
    > 
    > You should definitely make this change.  If anything, the 
    > other admin is confusing Anonymous access of web-pages by the 
    > IUSR_[computername] account. However, IIS manages the 
    > password of this account automatically and the account is 
    > therefore a member of "Authenticated Users", since IIS 
    > authenticates every page as IUSR automatically if Anonymous 
    > access is enabled.  The only account that is affected by 
    > Everyone is the guest account which is disabled by default. 
    > Hope this helps, Shane
    > ----- Original Message -----
    > From: "Williamson, Scott" <scott.williamson@htcinc.net>
    > To: <focus-ms@securityfocus.com>
    > Sent: Wednesday, January 15, 2003 1:10 PM
    > Subject: Bypass Traverse Checking?
    > 
    > 
    > > I'm working on procedures for servers in our organization.  I keep 
    > > coming across the recommendation to set the following on a Windows 
    > > 2000 Server. My problem is I have another administrator who believes
    > > this could cause problems in IIS.  What are the list's opinions?
    > > Anyone heard of this causing problems?
    > >
    > > User Rights Assignment - Set "Bypass Traverse Checking" - Remove 
    > > Everyone and Replace with Authenticated Users.
    > >
    > > Thanks in advance for your time,
    > >
    > > Michael Scott Williamson
    > > Systems Administrator
    > 
    

