Re: Do all login users secretly belong to the Users group?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/13/05

• Next message: Steven L Umbach: "Re: Windows 2003 Security/Permissions"
• Previous message: Steven L Umbach: "Re: logon to DC without Admin rights"
• In reply to: sparky62: "Do all login users secretly belong to the Users group?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 13 May 2005 00:27:48 -0500

Roger explained why this is happening. Avoid using users/authenticated users
[though authenticated users is more restrictive than users] group when you
want to restrict access to folder/file. You could use explicit deny for a
group like guests or better yet create your own groups to grant access to
the folder/file to that specific group that does not include members you do
not want to have access. When you logon as a user you create you can use the
command "whoami /groups" to see the various groups that the user belongs to.
You may need to install the support tools to use whoami. --- Steve

"sparky62" <sparky62@discussions.microsoft.com> wrote in message
news:095DFEA0-C5A2-4C38-8549-D60C4E32B5A8@microsoft.com...
>I create a new user, make it a member of the Guests group and explicitly
> remove it
> from the Users group (so that the new user is a member of the Guests group
> and no other group).
>
> Strangely this new user has the "effective permissions" to "read &
> execute"
> a file as if it was in the Users group. This is very odd behaviour.
>
> My file has an ACL with "full control" ACEs for
> SYSTEM, Administrators and CURRENT OWNER (Administrator), and a "read &
> execute" ACE for the "Users" group (and no other ACEs).
>
> Also if I log on as the new user in the Guests group I can read the file
> too.
>
> What is going on?
>

• Next message: Steven L Umbach: "Re: Windows 2003 Security/Permissions"
• Previous message: Steven L Umbach: "Re: logon to DC without Admin rights"
• In reply to: sparky62: "Do all login users secretly belong to the Users group?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Access is Denied to Event Viewer logs ... Also open the local guests group, ... Access is Denied to Event Viewer logs ... | I am afraid the Administrator is not a member of the Guest group. ... (microsoft.public.win2000.security) Re: Anonymous user access problem. ... is the new Test user a memberof USERS group? ... > was not able to access ftp server using anonymous user. ... > and made it member of guests group only and I am able to access FTP site ... (microsoft.public.inetserver.iis.ftp) Re: Anonymous user access problem. ... Yes the new Test user is just member of Guests group only. ... >> was not able to access ftp server using anonymous user. ... (microsoft.public.inetserver.iis.ftp) RE: keeping the rugrats out of the computer ... Select the Member Of tab. ... Click Add, and select the Guests group from the list, and click Okay. ... > when he goes to those kids' games websites. ... (microsoft.public.windowsxp.general) Re: Event Log Access ... I didn't mention before that I was previously a member ... After logging out and logging back in, ... the Event Logs. ... The guests group can be denied access to the ... (microsoft.public.windows.server.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint