Re: Everyone permissions
From: Alaa Abdelhalim [MSFT] (alaa_at_online.microsoft.com)
Date: 06/20/03
Date: Thu, 19 Jun 2003 15:12:25 -0700
Matt,
The shares that you are referring to are called "administrative" shares
because they only allow access to administrative accounts, not "Everyone" or
even "Builtin\Users". If they did, that would have been a security hole.
I'm afraid your hacker probably got in some other way, which would be worth
investigating. If they indeed got access through these shares, that would
mean that they had successfully cracked some account that belonged to the
Administrators or Backup/Server Operators groups and then used that.
By the way, you can modify this behavior in Windows Server 2003.
http://support.microsoft.com/default.aspx?scid=kb;en-us;816524
You can also search the Microsoft KB for similar articles pertaining to
Windows 2000 or Windows NT4.0.
Thank you
--
Alaa Abdelhalim [MSFT]
-----
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
"Matt Smith" <wsecomp@christfocus.com> wrote in message
news:118b01c334df$cf1fe070$a401280a@phx.gbl...
> I beg to differ in this matter. Windows DOES have default
> shares, C$, IPC$, etc. which hackers can use to their
> advantage if the 'Everyone' group settings remain in their
> default state. We had a hacker get into many of our
> systems due to this vulnerability.
>
> >-----Original Message-----
> >The permissions you see only apply to users who already managed to log on to
> >your computer. This says that any local user who logs on, for example, will
> >have full control over the folders that have this access control entry.
> >However, since the folders are not shared out by default,
> >remote/unauthorized users cannot access them. Moreover, when you do share
> >out a folder, the permissions on the share can be more restrictive than the
> >ones on the folder, which will serve to restrict access. (Granted rights =
> >the intersection of share permissions and folder/file permissions)
> >
> >In the interest of defense in depth, however, this default has changed in
> >Windows Server 2003 to match the high security template which grants
> >Everyone only read/execute access.
> >
> >--
> >Alaa Abdelhalim [MSFT]
> >-----
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >Please do not send e-mail directly to this alias. This alias is for
> >newsgroup purposes only.
> >
> >"adam" <chihai@charter.net> wrote in message
> >news:0b8d01c33208$667c86b0$a001280a@phx.gbl...
> >> I am aware that WIN2K comes with the default permissions
> >> set to everyone. What type of security risk is this? Does
> >> it allow for just anyone to have access to the computer
> >> even if the domain requires a user name and password?
> >.
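An added example, not part of the original thread and not Microsoft code: a simplified Python model of the rule quoted above, that rights granted over the network are the intersection of share and folder permissions, while a local logon is checked against the folder ACL only. The ACLs, group names and rights mask are constructed for illustration; deny entries, inheritance and the other operator groups that can use administrative shares are left out.

```python
from enum import IntFlag

class Rights(IntFlag):  # constructed, simplified rights mask
    NONE = 0
    READ = 1
    WRITE = 2
    EXECUTE = 4
    FULL = 7

def granted(acl, groups):
    """Union of the allow entries that match any group in the caller's token."""
    mask = Rights.NONE
    for principal, rights in acl.items():
        if principal in groups:
            mask |= rights
    return mask

def effective(folder_acl, share_acl, groups, remote):
    """Local logon: folder ACL only. Remote: share ACL AND folder ACL.
    share_acl=None means the folder is not shared (no network path to it)."""
    folder = granted(folder_acl, groups)
    if not remote:
        return folder
    if share_acl is None:
        return Rights.NONE
    return granted(share_acl, groups) & folder

# Constructed sample ACLs and tokens (assumptions, not real system output)
WIN2K_FOLDER = {"Everyone": Rights.FULL}                    # default discussed in the thread
WS2003_FOLDER = {"Everyone": Rights.READ | Rights.EXECUTE}  # default per the quoted reply
ADMIN_SHARE = {"Administrators": Rights.FULL}               # models C$ and similar shares
READ_SHARE = {"Everyone": Rights.READ}                      # a deliberately restrictive share
USER = {"Everyone", "Users"}
ADMIN = USER | {"Administrators"}

def scenarios():
    """Effective rights for each case raised in the thread."""
    return {
        "local user, unshared folder": effective(WIN2K_FOLDER, None, USER, False),
        "remote user, unshared folder": effective(WIN2K_FOLDER, None, USER, True),
        "remote user, admin share": effective(WIN2K_FOLDER, ADMIN_SHARE, USER, True),
        "remote admin, admin share": effective(WIN2K_FOLDER, ADMIN_SHARE, ADMIN, True),
        "remote user, read-only share": effective(WIN2K_FOLDER, READ_SHARE, USER, True),
        "local user, 2003 default": effective(WS2003_FOLDER, None, USER, False),
    }

if __name__ == "__main__":
    for name, rights in scenarios().items():
        print(f"{name:32} {rights!r}")
```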