RE: permission

From: Phillips, Mike (PhillipsMike@otc.army.mil)
Date: 02/10/03

  • Next message: Larry Seltzer: "RE: Spam from Symantec" 
    From: "Phillips, Mike" <PhillipsMike@otc.army.mil>
To: 'Kenzo' <kenzo_chin@hotmail.com>, security-basics@securityfocus.com
Date: Mon, 10 Feb 2003 08:40:47 -0600

    IMHO, guest users should have the most restrictive possible access to system
    hard drives or other information that they can hack. I am not sure, but it
    sounds like the guest is using one of your computers to access the Internet.
    Otherwise, they should not see anything other than the web site itself. If
    my guess is correct, your first line of defense is to control who gets
    access to your computers. We tend to be very restrictive. Only members of
    our organization who are visiting here get access under any circumstances.

    Regards,

    Mike Phillips

    -----Original Message-----
    From: Kenzo [mailto:kenzo_chin@hotmail.com]
    Sent: Friday, February 07, 2003 1:47 PM
    To: security-basics@securityfocus.com
    Subject: permission

    OK, I need some input from you guys on this.
    Our webmaster seems to think that giving the guest internet user read access
    to the C drive is OK as long as you don't set IIS to list content and other
    stuff that I don't understand, since I don't know anything about running a
    website.
    I told him that by doing so, most subfolders will also take that permission,
    so if someone that knows what they're doing could compromise that account,
    they would have read access to almost the whole C drive.
    the box is a win2k server with IIS5. I believe he wants to do this for some
    error checking for a C or java program.
    The program suppose to check to make sure that the drive has enought space
    before it starts writing or copying things and for that it needs read access
    to the C drive.
    To me, even thought I don't know anything about programing and webhosting,
    it doesn't look right from the security point of view.

    Please give me some input on this if it's OK or not and why, so that I can
    tell him yes it's OK or NO it's not OK because of this and that.

    Thanks.

    Relevant Pages

    • Re: usernameguest password prompt
      ... Home.I share all drives to all four machines.My problem is with the XP ... xp pro but none of the xp pro machines will map any network drive back ... Make sure that the Guest account is enabled for access by other ... can't see what you see on your computers. ...
      (microsoft.public.windowsxp.network_web)
    • Re: usernameguest password prompt
      ... Home.I share all drives to all four machines.My problem is with the XP ... xp pro but none of the xp pro machines will map any network drive back ... Make sure that the Guest account is enabled for access by other ...
      (microsoft.public.windowsxp.network_web)
    • Re: How do you wintrolls...
      ... The system will automatically connect as a guest. ... But the Mac isn't broken; ... those permissions changes to the entire drive. ...
      (comp.sys.mac.advocacy)
    • Re: usernameguest password prompt
      ... Home.I share all drives to all four machines.My problem is with the XP home machine.I can seemy shared drives from the XP home to any xp pro but none of the xp pro machines will map any network drive back to the XP home machine.I simple get the password box with ... Make sure that the Guest account is enabled for access by other ... computers over the network: ...
      (microsoft.public.windowsxp.network_web)
    • Re: Filesharing Problem - Connect password.
      ... but just not these mounted drives. ... Enter this command to enable the Guest account for access via the ... Remove any network password from the Guest account: ... Please post any reply as a follow-up message in the news group ...
      (microsoft.public.windowsxp.network_web)
    • Quantcast