To be frank, I think your instructor may need to brush up a bit, since the Everyone group hasn't included "everyone" (and more specifically, the Anonymous Logon account) since Windows 2003 was released. In 2003...
;-) Laura > -----Original Message----- > From: Murad Talukdar [mailto:[EMAIL PROTECTED] > Sent: Monday, July 10, 2006 10:47 PM > To: [EMAIL PROTECTED]; 'Jeffrey Wei'; > [email protected] > Subject: RE: DACLS for software distribution points... > > The question arose in my mind during a recent SANS course > where the instructor bemoaned the fact that the EVERYONE > group was just that-EVERYONE. > Now the caveat mentioned that the EVERYONE group is more > secure than it USED to be was not mentioned(I don't think > think it was and I can't find it in the SANS coursework > either). It became highlighted this week as I'm setting up > some new software distro points. Which just shows me that > things change all the time and no-one can keep up with everything. > > Sorry Susan-I got confused here; > >>Look at the last batch of patches and while the 2000's can' > be nailed > from anon connections > > can' or can't? Didn't know if a 't' got missed off here. > > > Regards > Murad Talukdar > > -----Original Message----- > From: Laura A. Robinson [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 11, 2006 2:47 AM > To: 'Jeffrey Wei'; [email protected] > Cc: [EMAIL PROTECTED] > Subject: RE: DACLS for software distribution points... > > Domain Users != Authenticated Users. If you use Domain Users > for the DACL, > users (and computers) from any other domain in the forest > will not be able > to access the share. In a single-domain environment or when > you only want > one domain to be able to access the share, this is fine, but > otherwise, > using Authenticated Users may be a better approach. > > Having said that, we've had many, many discussions on this > list about the > exact differences between the Everyone group and the > Authenticated Users > group, and the reality is very likely that you're just increasing your > maintenance without increasing security, depending on the > composition of the > domain in question (e.g., Win2K3 versus Win2K versus NTSP4+ > versus NTSP4-, > etc.). The difference between the two groups may simply be > the built in > Guest account and nothing else. > > Laura > > > -----Original Message----- > > From: Jeffrey Wei [mailto:[EMAIL PROTECTED] > > Sent: Thursday, July 06, 2006 6:29 PM > > To: [email protected] > > Cc: [EMAIL PROTECTED] > > Subject: RE: DACLS for software distribution points... > > > > What I normally do is remove the "Everyone" and replace it > > with "Domain Users".. which in itself means that it will have > > to be authenticated users before they can read file folders only. > > > > Not sure how everyone else does it? > > > > Jeffrey Wei > > > > -----Original Message----- > > From: Murad Talukdar [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 05, 2006 6:02 PM > > To: [email protected] > > Subject: DACLS for software distribution points... > > > > Hi all, > > MS says in this article that the DACLS for software > > distribution points should be EVERYONE: READ and > > Administrator: Full Control, Change, Read. > > > > http://technet2.microsoft.com/WindowsServer/en/Library/45a873d > > d-660d-4de > > 6-aa > > c4-8a03974796121033.mspx?mfr=true > > > > Why shouldn't the EVERYONE be removed and replaced with > > Authenticated Users? > > I was thinking of doing this and can't really see any > adverse impact. > > > > Kind Regards > > Murad Talukdar > > > > > > > > > > > > > > -------------------------------------------------------------- > > ---------- > > --- > > -------------------------------------------------------------- > > ---------- > > --- > > > > --- > > [This E-mail scanned for Spam and Viruses by > > http://www.innovationnetworks.ca] > > > > > > -------------------------------------------------------------- > > ------------- > > -------------------------------------------------------------- > > ------------- > > > > > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
