Re: Holes in Session Security?

From: Joe Richards [MVP] (
Date: 05/18/02

From: "Joe Richards [MVP]" <>
Date: Sat, 18 May 2002 16:55:56 -0400

I think I know what you mean. If it is what I think you mean than yes this
is corrected. However if the VB program is actually making a drive letter
connection (like NET USE) to the remote resources then no, the local loged
on user will also be able to get to the data. W2K is much better at keeping
the sessions separated so that one context app will not bleed into another
context app, but again if a permananent style connection is made with the
higher context app then all bets are off.

Joe Richards
"Bruce Ellefritz" <> wrote in message
> Here goes.  A user links to a share on a member server
> running NT 4.0.  They get Access Denied trying to get to
> files because they are not a user in an allowed group
> both for the share and for files.  This is what we want.
> The user then runs a VB app using a different account in
> the code that IS allowed access through another group for
> both the share and the files.  The logged in user can now
> use Explorer to see files in the share and can open files
> with WORD.  Server Manager shows the file(s) are opened
> in the context of the VB program account rather than the
> logged in user.
> Is this a hole in NT 4.0 that is plugged in Win2k Server?
> Is there a way to keep the logged in user out but let a
> different set of credentials buried in a VB app access to
> the files.
> Thanks in advanced.