Re: Service running as Local system account Unable to map drive on ano



If kerberos auth is being used, you simply grant rights for the computer account from AD on the share and the file system. The security concern is that ANYTHING running as localsystem on the specific computer will have access to the share. For anonymous access you enable the null session share and set the ACL on the file system to everyone read or write depending on the access you want. The security concern here is anyone that knows to connect as anonymous will have that access.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Phillip Windell wrote:
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:%23cEgSCyCGHA.2920@xxxxxxxxxxxxxxxxxxxxxxx
That is incorrect, this can be made to work. Localsystem will either
connect
anonymously or as the computer account depending on whether or not
kerberos auth
was used. Both can be used though there could be security implications
depending
on the data involved.

How do you go about doing that?

.



Relevant Pages

  • [UNIX] Buffer Overflow in ISO9660 File System Component of Linux Kernel
    ... Get your security news from a reliable source. ... The Linux kernel performs no length checking on ... symbolic links stored on an ISO9660 file system, ... In order to exploit this vulnerability, an attacker must be able to mount ...
    (Securiteam)
  • Re: FSI Indices with translates the answer
    ... directory of the file system that one is within, ... there are other MV dbms products that have virtually no security ... MV vendors should provide that functionality required by "ALL" users. ... when you fire anyone who points out problems ...
    (comp.databases.pick)
  • Re: For the AdaOS folks
    ... A mall with one or two doors on the outside to be ... > only makes sense to choke the security at a minimal number ... > that exist within the file system. ... While it is not the entire answer to network ...
    (comp.lang.ada)
  • Re: Linux security
    ... that is in Windows NT-based systems out of the box. ... Why do you want that fine level of control? ... level of control over security?" ... a file system is a different beast altogether. ...
    (Ubuntu)
  • Re: what is reset account?
    ... Such doesn't require perfect security, ... the GPO team's updates to the production domain and the ACL got wiped in ... can force the client to do a password change. ... computer account, along with repairing all other DNS problems etc, ...
    (microsoft.public.win2000.active_directory)