RE: Internet security on "hotspots"



Authenticated Users and Everyone are not the same, and the difference
between them has nothing to do with the Guest account or Guests/Domain
Guests groups. In Windows 2000 and earlier, Everyone includes Anonymous
Logon. In Win2K3, the Anonymous Logon account was removed from the Everyone
group. Mixed-mode domains (Win2K) and Windows 2000 mixed functional level
domains (Win2K3) have nothing whatsoever to do with the membership of the
Everyone group. Mixed mode/FL relating to groups is about whether or not you
can create universal security groups and fully utilize domain local groups.
Last, the built-in Guest account is part of both Authenticated Users *and*
Everyone.

An old post I wrote so I don't have to type the details up again:

http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ms/2003-01/0046.html


Laura

-----Original Message-----
From: Trevor [mailto:trevor@xxxxxxxxxxx]
Sent: Wednesday, April 19, 2006 7:41 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Internet security on "hotspots"

How about looking into using IPSec with a Pre-shared key
(since the home user likely does not have a Cert Authority or AD)?

That link does have a few misnomers. Using "Authenticated
Users" on shares over Everyone is only necessary in a
mixed-mode domain. Otherwise, AU and Everyone are the same (as
2000 removed Guest from the Everyone group).

-Trevor

-----Original Message-----
From: ilaiy [mailto:ilaiy.e@xxxxxxxxx]
Sent: Wednesday, April 19, 2006 9:03 AM
To: nimda@xxxxxxxxxxxx
Cc: Agent Zr0; focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Internet security on "hotspots"

Came across this checklist for home users which is pretty good:

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

./thanks
ilaiy
