2003 home folder security problem
From: Dan King (danking65_at_earthlink.net)
Date: 08/06/04
- Next message: Dan King: "Re: help!!!!"
- Previous message: Pau Garcia i Quiles: "Re: help!!!!"
- Next in thread: Dmitry Korolyov [MVP]: "Re: 2003 home folder security problem"
- Reply: Dmitry Korolyov [MVP]: "Re: 2003 home folder security problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 5 Aug 2004 17:46:26 -0700
There seems to be a lack of security in the 2003 version of Active
Directories Users and Computers (ADUC).
When creating a home folder with the 2000 version of ADUC, the home folder
rights given are:
Adminstrators - FULL CONTROL
and
the user FULL CONTROL.
It then makes it so rights are not inherited from the parent folder.
The 2003 version of ADUC gives the same rights, but does NOT prevent the
inheritance of rights.
So a default home folder created by the 2000 ADUC is secure,
and the default home folder created by the 2003 ADUC is NOT secure. Giving
all Domain Users READ access.
The OS that the folder is being created on does not matter, only the ADUC
version used.
Does anyone know of a fix for this, or is having the same experience?
A possible fix is to go to every home folder and uncheck rights inheritance,
but that can be tedious. It seems MS took a step back in security here.
Dan
-- __o _-\<, (_)/(_)____
- Next message: Dan King: "Re: help!!!!"
- Previous message: Pau Garcia i Quiles: "Re: help!!!!"
- Next in thread: Dmitry Korolyov [MVP]: "Re: 2003 home folder security problem"
- Reply: Dmitry Korolyov [MVP]: "Re: 2003 home folder security problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
