Re: DACLS for software distribution points...

If you'll notice, all of the risk and criticality notes in security bulletins are assuming that you have not made any such adjustments to your XP and 2k3 configurations.

Look at the last batch of patches and while the 2000's can be nailed from anon connections... 2k3/XP's need authenticated connections to be nailed.

Thus ... one would be wise to either

1. Yell at vendors who force you to make such adjustments to XP and 2k3 (and go read the latest Howard/Lipner book on the Security Development Lifecycle to get even angrier at the reminders of all of my vendors who don't care about security or privacy)
2. Use your SA rights to just downgrade to 2000 and be done with it
3. Really document your network and understand that you can no longer read the Microsoft bulletins and use their risk rankings....

As the so-called "buggy patch" of 05-051 taught us... if you are going to deviate from the default... make sure you now understand that you "own" that and it's up to you to understand and test for it.

Devin Ganger wrote:

At Thursday, July 06, 2006 5:38 PM, Susan Bradley, CPA aka Ebitz - SBS
Rocks [MVP] wrote:

In the 2k3 era the Everyone group is akin to the Authenticated users
anyway since Everyone in the 2k3 era does not include the anon users.

A minor quibble, since several folks have now all made this same

Windows XP and Windows Server 2003 do not include the Anonymous SID in
the Everyone group membership *out of the box* when in standalone mode.
However, this behavior can be configured through Group Policy or
registry, so you can't just assume that this is the case.

Those of you who doubt this are welcome to refer to KB 278259 for
details or read up on the "Network access: Let Everyone permissions
apply to anonymous users" Group Policy setting in Chapter 5 of the
Threats and Countermeasures Guide, which you can find online at:

Letting your vendors set your risk analysis these days?

If you are an SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
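
Added example, not part of the original thread: one way to document which hosts deviate from the default discussed above is to collect each machine's `secedit /export /cfg` output and check the `EveryoneIncludesAnonymous` value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, which backs the "Network access: Let Everyone permissions apply to anonymous users" setting. The hostnames and export contents are constructed, the function names are hypothetical, and a missing entry is assumed to mean the out-of-the-box state.

```python
# Added example: audit `secedit /export /cfg <file>` output for the
# "Let Everyone permissions apply to anonymous users" policy.
# Real exports are UTF-16; read them with open(path, encoding="utf-16").
LSA_VALUE = r"machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous"


def parse_registry_values(inf_text):
    """Return {lowercased registry path: (type, data)} from [Registry Values]."""
    values, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "registry values" or "=" not in line:
            continue
        path, _, rhs = line.partition("=")
        reg_type, _, data = rhs.partition(",")
        values[path.strip().lower()] = (reg_type.strip(), data.strip().strip('"'))
    return values


def everyone_includes_anonymous(inf_text):
    """True when the export sets the REG_DWORD (type 4) value to non-zero.
    Assumption: a missing entry means the out-of-the-box (disabled) state."""
    entry = parse_registry_values(inf_text).get(LSA_VALUE)
    if entry is None:
        return False
    reg_type, data = entry
    return reg_type == "4" and data.isdigit() and int(data) != 0


def audit(exports):
    """exports: {hostname: INF text}. Return hosts that deviate from default."""
    return sorted(h for h, text in exports.items() if everyone_includes_anonymous(text))


# Constructed sample exports (hostnames and contents are made up).
_LSA = "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\"
SAMPLE_EXPORTS = {
    "FS01": "[Unicode]\nUnicode=yes\n[Registry Values]\n" + _LSA + "EveryoneIncludesAnonymous=4,1\n",
    "FS02": "[Registry Values]\n" + _LSA + "EveryoneIncludesAnonymous=4,0\n",
    "WS03": "[Registry Values]\n" + _LSA + "RestrictAnonymous=4,0\n",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_EXPORTS):
        print(f"{host}: Everyone ACEs also apply to anonymous connections")
```

Hosts this reports are the ones where a DACL granting access to Everyone no longer implies an authenticated caller.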