Re: Unwanted share access despite security settings

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 07/28/04 

Date: Wed, 28 Jul 2004 22:12:24 +0200

Hi,

your first scenario can be explained like this.

User (MrX) has password (MrXpass) on domain. He has same username (MrX) and
password (MrXpass) on his local computer. When he tries to access resource
on domain from his PC, Windows will automatically send his username (MrX)
and password (MrXpass) to domain. Since such user exist and has correct
password, he is granted access. Well in company where I work I am the only
Mike and that is what my username is. If there was another one I guess his
username was Mike1, but I don't think there is much chance that we would
have exactly same password (unless password is password)... :-). If the case
is that two users have same password at the same time then these password
are note secure enough (e.g. not Pass Phrases). I recently did an audit of
450 user accounts for the customer and not 2 passwords were the same...

On XP was network share mapped manually?

Who are other users of group ABC?

I hope this helps,

Mike

"Titus van Houwelingen" <titusnntp@hotmail.com> wrote in message
news:410800af$0$62379$5fc3050@dreader2.news.tiscali.nl...
> Hello,
>
> I have a share on a W2K Advanced server with active directory.
> Permissions on the share are for a group ABC (defined in Active
Directory).
> NTFS security is full acces for 'everyone'.
>
> A user MrX belongs to group ABC.
>
> Whe MrX log on LOCALLY on a NT4 machine and this local account has the
same
> username/password he can access the share. I think this shouldn't be
> possibble because the group is a domain group. And no explicit access for
> MrX has been defined on the share, only the ABC group. Nothing else.
>
> It gets worse: when he uses WinXP professional, and he has a LOCAL account
> with the same name but with an EMPTY password, he gets access to the share
> when he logs on LOCALLY!
>
> The guest account is disabled.
>
> I must be doing something stupid. Can anyone please tell me what could be
> the problem?
>
> Thanks in advance,
> Titus
>
>
>
>

Relevant Pages

  • Re: Unwanted share access despite security settings
    ... password (MrXpass) on his local computer. ... Mike and that is what my username is. ... > A user MrX belongs to group ABC. ... when he uses WinXP professional, and he has a LOCAL account ...
    (microsoft.public.win2000.advanced_server)
  • Re: Unwanted share access despite security settings
    ... password (MrXpass) on his local computer. ... Mike and that is what my username is. ... > A user MrX belongs to group ABC. ... when he uses WinXP professional, and he has a LOCAL account ...
    (microsoft.public.win2000.active_directory)
  • Re: Workgroup File Sharing Problem XP HomeWorkstations 2003 File Serve
    ... Create a local account on 2003 with the usernames and passwords in use on ... each of the XP machines. ... | folder and mapping it as administrator, users must always enter a username ... | I also want to setup printer sharing. ...
    (microsoft.public.windows.server.setup)
  • Re: Unwanted share access despite security settings
    ... User credentials do not have to be domain based for access to a domain resource. ... and logon as him on that XP computer with his local account that has a blank password ... > A user MrX belongs to group ABC. ...
    (microsoft.public.win2000.advanced_server)
  • Re: Unwanted share access despite security settings
    ... User credentials do not have to be domain based for access to a domain resource. ... and logon as him on that XP computer with his local account that has a blank password ... > A user MrX belongs to group ABC. ...
    (microsoft.public.win2000.security)