Re: User account and security



Al wrote:
On Vista, in order for a system to see another machine's share, it asks for the user's credentials. I know this can be tuned off using Password protection for shares. However, regardless, if both the systems have the same user account with the same password (not necessarily logged in as that user but just if they have it), then things become very simple and the other user can see and open the shares.

So here is the question: I am thinking of automatically creating a user account with a GUID like password on these systems using standard Win32 API's. However, I am afraid that by creating user accounts automatically (albeit with a GUID like password), I maybe opening up the user system inadvertently to some security risk beyond what I am trying to achieve.

Does anyone have an opinion on this or see any major issues in doing this?

Thanks.


This is my outlook on what user account group to use on file share.

<http://windowsitpro.com/article/articleid/23581/should-you-use-the-authenticated-users-group.html>

It works on a p2p level as well for anyone like a remote user or a local user that is using a valid user account on the machine that is hosting the file share.

For me, I delete all accounts of the folder of the file share, and I also delete all accounts of the Share's permissions, leaving only the Authenticated users group and set permissions for the group on the folder and the share.

Authenticated users group tightens security on the file share, so that only authenticated users can access the share with an existing user account on the file share hosting machine.
.



Relevant Pages

  • Re: How to recreate an AD User Account?
    ... Sure sounds like a user profile issue...... ... > now have Full control permissions on all of these shares, ... > when another user logs on at his pc they are able to view the shares. ... > recreate his user account but I want to find some instructions on how to ...
    (microsoft.public.windows.server.active_directory)
  • User account and security
    ... the user's credentials. ... user account with the same password (not necessarily logged in as that user ... can see and open the shares. ... account with a GUID like password on these systems using standard Win32 ...
    (microsoft.public.windows.vista.security)
  • How to recreate User?
    ... I have a user who is unable to see his four network shared drives (the error ... he recieves is access denied - although his user account and machine account ... When the user logs on at another machine he can see the shares, ... when another user logs on at his pc they are able to view the shares. ...
    (microsoft.public.windows.server.general)
  • How to recreate an AD User Account?
    ... I have a user who is unable to see his four network shared drives (the error ... he recieves is access denied - although his user account and machine account ... When the user logs on at another machine he can see the shares, ... when another user logs on at his pc they are able to view the shares. ...
    (microsoft.public.windows.server.active_directory)
  • Re: OT. Calling Network Admins Delete rights "objects"
    ... By default, all authenticated users ... Actually every user account has the ability to add 10 computer accounts by ... default in an AD environment unless you've changed that in GP. ... Diane ...
    (rec.games.pinball)