Re: Computer accounts in NTFS permissions
From: Miroslaw Slawek Chorazy (mchorazy_at_depaul.edu)
Date: 02/23/05
- Previous message: Gustavo Mateus: "Re: Com+ permissions"
- Maybe in reply to: Daniel Schmidt: "Computer accounts in NTFS permissions"
- Next in thread: Jim Masson: "RE: Computer accounts in NTFS permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Feb 2005 16:23:43 -0600 To: <dschmidt@buddyrents.com>, <bkmlstsgohere@comcast.net>
Marshall
>The computer account -- not System or some other account on the
computer --
>isn't ever going to be accessing files (at least not in any examples I
can
>think of).
In an AD environment, the computer account will indeed be used during
the startup process and will need appropriate permissions and rights
associated with it to read AD Objects like GPOs and scripts.
In some environments, the AD DNS dynamic name registration is also
performed using the SID associated with the Computer.
slawek
>>> "Bruce K. Marshall" <bkmlstsgohere@comcast.net> 2/23/2005 14:23
>>>
Daniel,
The computer account -- not System or some other account on the
computer --
isn't ever going to be accessing files (at least not in any examples I
can
think of). And permissions won't be enforced just because a user or
service
account happens to be operating from that computer. So, setting using
a
computer security principal in NTFS ACLs won't have any effect.
If a service on the computer is trying to access the file then you
should be
able to set up NTFS ACLs using the appropriate account (System, Local
Service, Network Service, etc.).
---- Bruce K. Marshall - bmarshall@securityps.com Security PS - Kansas City ----- Original Message ----- From: "Daniel Schmidt" <dschmidt@buddyrents.com> To: <focus-ms@securityfocus.com> Sent: Wednesday, February 23, 2005 9:32 AM Subject: Computer accounts in NTFS permissions > It is my understanding that computer accounts can be used as security > principals, but using them in a NTFS ACL seems to have no effect. Does > computer account authentication only authorize accesses from the SYSTEM > account? Can anyone point me toward some useful reading on the subject? > > Daniel Schmidt --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Gustavo Mateus: "Re: Com+ permissions"
- Maybe in reply to: Daniel Schmidt: "Computer accounts in NTFS permissions"
- Next in thread: Jim Masson: "RE: Computer accounts in NTFS permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
