Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions
From: Matt G. (mgoldste5_at_hotmail.com)
Date: 05/16/04
- Next message: Ben M. Schorr, MVP-OneNote: "Re: Exchange 2003"
- Previous message: Roger Abell [MVP]: "Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions"
- In reply to: Roger Abell: "Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions"
- Next in thread: Roger Abell [MVP]: "Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions"
- Reply: Roger Abell [MVP]: "Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 15 May 2004 20:41:11 -0700
Sorry, I am a newbie to this - will 'cross post' next time.
How do you disable FPSE's automatic management of the NTFS? And if I
do this, will FPSE break? I feel like it needs the NETWORK account to
perform regular functionality.
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message news:<OwMyMSsOEHA.2876@TK2MSFTNGP09.phx.gbl>...
> Not knowing where Joe replied, or if the last part of this is
> there mentioned . . . (all of which would not be an issue if
> you had cross-posted instead of multi-posted)
>
> "Network" stands for any account that has authenticated with
> log on over the network right.
> You need to disable FPSE's automatic management of the
> NTFS permissions. One way to do that is in the IIS UI.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Matt G." <mgoldste5@hotmail.com> wrote in message
> news:39160935.0405141416.6ee7854d@posting.google.com...
> > I am noticing the strangest behavior on my Win2K3 server -
> > I configured a share - granted EVERYONE full control share access (as
> > recommended - limit access via NTFS).
> > Limited the NTFS permissions to 'Administrators-Full', System-'Full',
> > and Network 'Read,Execute'.
> >
> > Even with these seemingly limited permissions, I can access the share
> > with a non-admin domain user - this obviously doesn't make sense since
> > the user isn't in the admin group. I deleted the 'Network' built in
> > account, and access was denied. If Ireapply the NETWORK account,
> > access is granted. The level of access for the non-domain account
> > mimics the access level granted to the built in Network accout on the
> > share.
> >
> > The reason this is a problem is because we are trying to use Front
> > Page Server Extensions on this share... FPSE automatically adds the
> > NETWORK user to all subwebs, which then apparently grants access to
> > non-admin users, or users who don't explicitly have permissions on the
> > share. Very strange, and troubling. I hope I am just doing something
> > stupid....
> >
> > PLease help!!!
> >
> > -Matt
- Next message: Ben M. Schorr, MVP-OneNote: "Re: Exchange 2003"
- Previous message: Roger Abell [MVP]: "Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions"
- In reply to: Roger Abell: "Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions"
- Next in thread: Roger Abell [MVP]: "Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions"
- Reply: Roger Abell [MVP]: "Re: Win 2K3 Serv: NETWORK built in account on UNC share grants EVERYONE permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
