Re: ... a real easy security problem.

From: John Hoge (jhoge123_at_yahoo.com)
Date: 03/18/04 

Date: 18 Mar 2004 09:05:23 -0800

Karl,

There's no error message, the credentials box just comes back blank.
Auditing is enabled for this directory, but nothing shows up in the
event log.

I worked around the problem by creating a new directory for this file
and assigning the security rights at the directory level. Suddenly the
.asp page and the .htm page can both be browsed with the appropriate
credentials. I guess there is some odd behaviour when using NTFS
permissions at the file level that are different from the directory
containing that file. Another "undocumented feature"...

Relevant Pages

  • RE: eventlog machinename
    ... you can dim up an event log with the machine name and if the credentials of the user running your code can access the ... eventlog of that machine, it will just work. ... >could not understand how to provide the credentials for the remote machine. ...
    (microsoft.public.dotnet.languages.vb)
  • RE: VB6 DLL can not write to event logs in IIS 6.0
    ... >¡°The web site is setup to not allow anonymous access. ... that the process runs under the credentials of the user who is accessing ... the event log still can not be written successfully if you use ...
    (microsoft.public.inetserver.iis.security)
  • Re: Help with event viewer errors / warnings
    ... rebooting with credentials entered. ... is also polluting the event log with an error. ... Installation Failure: Windows failed to install the following update ... I don't believe this to be related to the credentials I entered since ...
    (microsoft.public.windows.server.dns)
  • Re: run -> unc server name (just one particualar one) -> "extended error has ocurred"
    ... I saw an event id 14 Kerberos warning in the event log. ... really pay that much attention to it, because it didn't really pop up ... and sure enough there was an entry there for my misbehaving server. ... removed it and then it asked me for my credentials, ...
    (microsoft.public.windows.server.general)
  • Re: Getting a list of logged on users and hosts
    ... you know that any decent log system doesn't just truncate ... Event log is just a message box replacement for services. ... Credentials are a subset of static attributes ... authenticate me they are a credential and no code (including TCB code) has ...
    (microsoft.public.win32.programmer.networks)
Quantcast