Re: Everyone, Users, and Guests
From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 06/20/03
- Next message: Jeff Cochran: "Re: I didnt practice safe FTP hosting"
- Previous message: Rob Betts: "Your password has expired..constantly on every login.."
- In reply to: Salt_Peter: "Re: Everyone, Users, and Guests"
- Next in thread: Salt_Peter: "Re: Everyone, Users, and Guests"
- Reply: Salt_Peter: "Re: Everyone, Users, and Guests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 Jun 2003 12:26:25 GMT
And keep in mind, these are just default or "suggested" groups. If
*your organization* needs to modify these for its own security issues,
there's no reason not to. A good example is not using the Everyone,
Gloabal Guests or Local Guests groups for any type of access if you
don't need/use anonymous access.
And the key that many forget, Everyone doesn't mean everyone. The
anonymous web accounts (IUSR/IWAM) for example don't normally belong
to the Everyone group.
Jeff
On Fri, 20 Jun 2003 03:09:40 -0400, "Salt_Peter" <salt@peter.mtl>
wrote:
>Everyone = both authenticated and anonymous logons
>Authenticated Users = users authenticated by any trusted domain (it's a
>foreign security principle)
>Domain Guests (is a global group) = anonymous logons (the Guest account is
>disabled)
>Guests (is a local group) = Used to provide anonymous access to local
>resources
>Domain Users (is a global group) = domain's authenticated users (a member of
>Users/Builtin)
>Users (is a local group) = Used to provide DU's secure permissions to local
>resources (Users/Builtin if u prefer)
>
>Users go into Global groups,
>Global Groups go into Local Groups,
>Local Groups are given permissions to resources.
>
>Acronym: UGLP
>
>Local goups can't be exported, Global groups can cross a trust relationship
>and finally, it's bad Karma to give Global groups permission to resources.
>That's what Local groups are for. That way the admin has control over the
>contents of the group using resources on his systems..
>
>
>"e-head" <ehead@nobodies.biz> wrote in message
>news:14443a380aecdcbf09721fad2a0079a4@free.teranews.com...
>> I'm sure I'm not the only one who has found these three groups confusing.
>>
>> Is the Everyone group only supposed to include authenticated users ? That
>> is, authenticated either on the local machine, or on a domain
>> via a domain controller. Anyone who "signs on" to any workgroup or domain
>in
>> this regard would be considered Everyone ?
>> And the only one's that would not be a part of this group are, say, 98
>users
>> who hit cancel instead of signing on the workgroup/domain.
>>
>> Guests are literally anyone, right ? Even if the person was not
>> authenticated on a domain or workgroup. So, e.g. , if you wanted to run an
>> anonymous ftp server and give read/write permission to everyone who came
>> along, you would grant this permission to Guests ?
>>
>> If anyone could highlight the fine points between all these groups I would
>> appreciate it.
>>
>> Also, Everyone seems hidden in XP. He is there, I can type him in and add
>> him, but he doesnt show up in the users and groups mmc.
>>
>>
>>
>
- Next message: Jeff Cochran: "Re: I didnt practice safe FTP hosting"
- Previous message: Rob Betts: "Your password has expired..constantly on every login.."
- In reply to: Salt_Peter: "Re: Everyone, Users, and Guests"
- Next in thread: Salt_Peter: "Re: Everyone, Users, and Guests"
- Reply: Salt_Peter: "Re: Everyone, Users, and Guests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
