It’s on a 2k3 DFS share. The FRS service, running as System needs to write to the share, but everyone else only has read.
-----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, June 13, 2011 2:55 PM To: NT System Admin Issues Subject: Re: User accounts for shared folders Why would you do that, when System isn't supposed to be able to talk to shares? Has something changed drastically in later versions of of Windows, that is, after Win2k3? On Mon, Jun 13, 2011 at 12:45, Crawford, Scott <crawfo...@evangel.edu> wrote: > System on share permissions may be rare, but its certainly not out of the > question. I've got share permissions that specify System. > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Monday, June 13, 2011 2:42 PM > To: NT System Admin Issues > Subject: Re: User accounts for shared folders > > On Mon, Jun 13, 2011 at 10:57, Tammy Stewart <copper...@personainternet.com> > wrote: >> Ran into something interesting today t-shooting a virus issue on a network. >> >> On every share there is no system account listed. Only Domain admins >> & domain users. >> >> My google kung-fu seems to be lacking today but is there >> anything/reason why the system account would not show up? >> >> System account does exist on the machine – non shared directories have it. >> Just the shares that seem affected. >> >> Windows 2003 domain (if that makes any difference) >> >> Not just the system with infected files on the shares – all the >> servers are like this including clean ones (that have not been >> touched by the virus yet) >> >> Anyone have any kb articles or something I can look at that would >> explain this? (and hopefully put them back to normal) >> >> Thanks! >> >> Tammy > > When you say that the share doesn't list the System account - do you mean the > Share permissions, or the NTFS permissions? > > Shares never list System for permissions, AFAIK. > > If the NTFS permissions for System have been deleted on the directories that > are shared, that's either a conscious action by someone with Full Control > permissions listed in an ACE on the directory, or else it's something that > the malware did. If a person at the firm did that, I'd say it's a big mistake > - well, unless they are doing something unusual, like setting up an FTP > server. > > Kurt > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
