Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 05/15/04 

Date: Fri, 14 May 2004 18:35:03 -0400

I responded to this in another newsgroup, please don't multipost. 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Matt G. wrote:
> I am noticing the strangest behavior on my Win2K3 server - 
> I configured a share - granted EVERYONE full control share access (as
> recommended - limit access via NTFS).
> Limited the NTFS permissions to 'Administrators-Full', System-'Full',
> and Network 'Read,Execute'.
> 
> Even with these seemingly limited permissions, I can access the share
> with a non-admin domain user - this obviously doesn't make sense since
> the user isn't in the admin group.  I deleted the 'Network' built in
> account, and access was denied.  If Ireapply the NETWORK account,
> access is granted.  The level of access for the non-domain account
> mimics the access level granted to the built in Network accout on the
> share.
> 
> The reason this is a problem is because we are trying to use Front
> Page Server Extensions on this share... FPSE automatically adds the
> NETWORK user to all subwebs, which then apparently grants access to
> non-admin users, or users who don't explicitly have permissions on the
> share. Very strange, and troubling.  I hope I am just doing something
> stupid....
> 
> PLease help!!!
> 
> -Matt

Relevant Pages

  • Re: Virtual Directory - Permission Denied with fso CopyFile
    ... TestUser (normal user account with same credentials on all machines). ... I created a share on a remote server. ... reviewing it's sharing permissions and security tab permissions "everyone" ... "directory security" tab on the vdir and selecting, edit, edit and manually ...
    (microsoft.public.inetserver.iis)
  • Re: Logon Server Unavailable
    ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
    (microsoft.public.windows.server.general)
  • Re: Logon Server Unavailable
    ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
    (microsoft.public.windows.server.dns)
  • Re: Logon Server Unavailable
    ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
    (microsoft.public.windows.server.networking)
  • Re: How do you assign permissions to local network users on other m/cs?
    ... Setting up a network via a router, between laptop and pc, I found that ... Experimenting with the permissions via the security tab on the pc's ... Permissions that you assign to a local account on the PC ... Windows XP Professional File Sharing ...
    (microsoft.public.windowsxp.network_web)