RE: default for requiring authentication 2003

Murda

"Everyone" means everyone, including unauthenticated users.

A SHARE secured with the "everyone" permission will allow a
non-authenticated user to connect to it, but the default NTFS permissions on
windows folders (notably not default non-windows NAS installations) includes
"Users" in the ACL. "Users" by default only includes "domain users" (on a
domain member), which would require authentication regardless of domain
membership.

So, the chap with the laptop could connect to the share, but would not be
able to access files, unless EITHER the folder being shared included the
"everyone" permission in the ACL or as a member of another group in the ACL,
OR by slim chance the local user he was logging on with happened to have the
same username and password as a user on the domain or on the local server.

Changing the share permission to "Authenticated Users" will give you almost
the same flexibility as "everyone", but force every connection to be
authenticated before presenting the content of the share. There's much more
to share and NTFS permissions, but this is probably enough to answer your
question.

Cheers

James


James D. Stallard MBCS CITP MIoD
Chief Technical Architect
Web: www.leafgrove.com
LinkedIn: www.linkedin.com/in/jamesdstallard




-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Murda Mcloud
Sent: 12 June 2008 03:45
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: default for requiring authentication 2003


I'm having a debate with someone over whether a 2003 server by default
(OOB)forces someone to authenticate(whether to a DC or to the server itself
if standalone) before allowing access to files.



He seems to think that the default is that no authentication is required and
consequently anyone could rock up and connect a laptop to a network with
that server on it and get access to files on it-as the EVERYONE group is
given read permissions to new folders etc.



I say he is wrong but am looking hard to find something to back me up.

I understand that the guest account could access files as it is part of the
EVERYONE group but it's disabled by default-but still, there is an
authentication process for guest to login



Relevant Pages

  • Re: asp.net access database
    ... I'm using IIS5 as the web server. ... How can I do it with IIS authentication method ... > and NTFS file permissions? ... > restrict the NTFS permission, ...
    (microsoft.public.inetserver.iis.security)
  • Re: How to display the "Access Denied" page directly without the a
    ... authentication on whatever the link is pointing to. ... say "it is Shareponit's default behavior to pop up that login box ... whenever user tries to access the sharepoint page to which he/she does ... not the permission", I am referring to the Sharepoint access ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Domain Users keep getting access denied and cant log on
    ... > I have a SharePoint Portal Server on ServerA and it's databases are on ... > but other Domain Users (who have been given permission to the Home area ... > not an issue with him authenticating against the SQL server... ... > is set to Windows Integrated Authentication, whichis fine, so rule IIS ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Web Authentication
    ... Please use such programs only if you have a permission from the ... make a brute force attack to htaccess? ... but i dont know any other ways of authentication. ... scripts in those directories are wirted in PHP Perl and CGI scripting. ...
    (Security-Basics)
  • Re: How to display the "Access Denied" page directly without the annoying Sharepoint login box?
    ... What is your default permission on the site in IIS? ... My tip is still that you concentrate on authentication to your website ... This actually sounds like a network login box from the way you ... Sharepoint site. ...
    (microsoft.public.sharepoint.portalserver)