Encode or encrypt? Btw, did you know your emails seem to be coming through multiple times-and it's happening for David LeBlanc as well. Is the list having a moment?
Thanks for the info. > >-----Original Message----- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > >On Behalf Of Kevin > >Sent: Friday, June 13, 2008 12:34 PM > >To: Murda Mcloud > >Cc: [email protected] > >Subject: Re: default for requiring authentication 2003 > > > >Don't forget about the "Allow anonymous enumeration of SAM Accounts and > >Shares" under the security -> Network Access setting. If this is > >disabled (or not allowed) then the "everyone" permissions only applies > >to authenticated users. I have scripts that prep a machine post image > >(ghosting) and in doing so must connect to server shares. At my company > >we have the setting above disabled via GPO on all servers and I must use > >an encoded vbs to do: > >*objShell.run net use \\sever\share password /user:domain\user * > >before I can access the share... however like everyone has said before, > >by default this setting is not configured so everyone (including non > >authenticated users) can access the data. But I must wonder why in the > >world you'd fire up a server without having this in a default server > >GPO. Tisk Tisk > > > >P.S. > >I encode the vbs files since a password and user are stored in it. > > > >Murda Mcloud wrote: > >> Thanks to all for the clarification and the links. He sounded so > >convinced > >> that I doubted myself. > >> > >> Kurt wrote; > >> > >>>> Your nemesis is thinking of older versions of Windows. > >>>> > >> > >> Bwahaha! Moriarty is foiled again...through the deductive powers of the > >> security focus list... > >> > >> > >>>> -----Original Message----- > >>>> From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] > >>>> On Behalf Of Kurt Dillard > >>>> Sent: Friday, June 13, 2008 2:39 AM > >>>> To: 'Murda Mcloud'; [email protected] > >>>> Subject: RE: default for requiring authentication 2003 > >>>> > >>>> Murda, > >>>> You are correct, in Windows XP, 2003, and later the Everyone group > >only > >>>> includes Authenticated Users, it no longer includes Anonymous Users. > >You > >>>> can > >>>> change this but Microsoft strongly recommends against doing so. Your > >>>> nemesis > >>>> is thinking of older versions of Windows. > >>>> > >>>> Kurt > >>>> > >>>> -----Original Message----- > >>>> From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] > >>>> On > >>>> Behalf Of Murda Mcloud > >>>> Sent: Wednesday, June 11, 2008 11:45 PM > >>>> To: [email protected] > >>>> Subject: default for requiring authentication 2003 > >>>> > >>>> > >>>> I'm having a debate with someone over whether a 2003 server by > >default > >>>> (OOB)forces someone to authenticate(whether to a DC or to the server > >>>> itself > >>>> if standalone) before allowing access to files. > >>>> > >>>> > >>>> > >>>> He seems to think that the default is that no authentication is > >required > >>>> and > >>>> consequently anyone could rock up and connect a laptop to a network > >with > >>>> that server on it and get access to files on it-as the EVERYONE group > >is > >>>> given read permissions to new folders etc. > >>>> > >>>> > >>>> > >>>> I say he is wrong but am looking hard to find something to back me > >up. > >>>> > >>>> I understand that the guest account could access files as it is part > >of > >>>> the > >>>> EVERYONE group but it's disabled by default-but still, there is an > >>>> authentication process for guest to login > >>>> > >>>> > >>>> > >> > >> > >> > >>
