[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ms
Subject: RE: DACLS for software distribution points...
From: "Laura A. Robinson" <larobins () bellatlantic ! net>
Date: 2006-07-12 3:22:10
Message-ID: 00f401c6a562$5d2b88b0$690fa8c0 () ripped2
[Download RAW message or body]
Actually, in a default Windows Server 2003 *domain*, the Everyone group does
not include the Anonymous Logon account. Has nothing to do with standalone.
Therefore, not a "minor" quibble, considering it's the *default*.
Laura
> -----Original Message-----
> From: Devin Ganger [mailto:DevinG@3sharp.com]
> Sent: Monday, July 10, 2006 1:41 PM
> To: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]; Murad Talukdar
> Cc: focus-ms@securityfocus.com
> Subject: RE: DACLS for software distribution points...
>
> At Thursday, July 06, 2006 5:38 PM, Susan Bradley, CPA aka
> Ebitz - SBS Rocks [MVP] wrote:
>
> > In the 2k3 era the Everyone group is akin to the
> Authenticated users
> > anyway since Everyone in the 2k3 era does not include the
> anon users.
>
> A minor quibble, since several folks have now all made this
> same statement.
>
> Windows XP and Windows Server 2003 do not include the
> Anonymous SID in the Everyone group membership *out of the
> box* when in standlone mode.
> However, this behavior can be configured through Group Policy
> or registry, so you can't just assume that this is the case.
>
> Those of you who doubt this are welcome to refer to KB 278259
> for details or read up on the "Network access: Let Everyone
> permissions apply to anonymous users" Group Policy setting in
> Chapter 5 of the Threats and Countermeasures Guide, which you
> can find online at:
>
> http://www.microsoft.com/technet/security/topics/serversecurit
> y/tcg/tcgc
> h05n.mspx
>
> --
> Devin L. Ganger Email: deving@3sharp.com
> 3Sharp LLC Phone: 425.882.1032 x 109
> 15311 NE 90th Street Cell: 425.239.2575
> Redmond, WA 98052 Fax: 425.702.8455
> (e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic