Re: Null Sessions
From: Bhavna Chauhan[MSFT] (bhavnac_at_online.microsoft.com)
Date: 02/26/04
- Next message: Steven L Umbach: "Re: Null Sessions"
- Previous message: Steven L Umbach: "Re: windows 20000 problem"
- In reply to: A.M: "Null Sessions"
- Next in thread: Steven L Umbach: "Re: Null Sessions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Feb 2004 11:38:33 -0800
A null session is how Windows represents an anonymous user
For example, if a client A authenticates to B and allows B to imprersonate
A. Later on if B has to authenticate to C using A's credentials, it will
authenticate to C impersonating as A (because A allows impersonation to B).
When it connects to C, it establishes a null session on that machine,
instead of establishing a logon for A.
The good thing about this is that B cannot misuse A's credentials on the
network.
By granting access to 'Everyone', you are granting access to all users, both
authenticated and anonymous (null session tokens come under this)
-- This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "A.M" <IHateSpam@sapm123.com> wrote in message news:OHcZjqI$DHA.916@TK2MSFTNGP10.phx.gbl... > Hi, > > What exactly are "Null sessions" or anonymous logons to windoes 2000 ? > > My guess is Access to shares that are available for everyone group. Am I > correct? > > Thanks, > Ali > >
- Next message: Steven L Umbach: "Re: Null Sessions"
- Previous message: Steven L Umbach: "Re: windows 20000 problem"
- In reply to: A.M: "Null Sessions"
- Next in thread: Steven L Umbach: "Re: Null Sessions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
