Home page logo
/

basics logo Security Basics mailing list archives

RE: Funny Windows 2k3 Security "Feature"
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 16 Mar 2006 22:17:53 -0500

Set up IIS, set to anonymous logons, with WebDAV enabled.  That will
work for sure, if your end-users don't mind the http interface.

-----Original Message-----
From: Jon Gucinski [mailto:gucinski () gmail com] 
Sent: Thursday, March 16, 2006 11:43 AM
To: kevinlh () hotmail com; security-basics () securityfocus com
Subject: Re: Funny Windows 2k3 Security "Feature"

allow anonymous logon and network access to the share.  That should take
care of it.

Granted, this is as INsecure as something gets...but hey, its your net.

On 15 Mar 2006 18:18:20 -0000, kevinlh () hotmail com <kevinlh () hotmail com>
wrote:
I have a mobile unit of servers that are basically file storage for
wifi laptops. The people that use the systems want to push a button and
have everything work. Don't want a domain, don't want passwords, just
want a central file system that everyone can rwxd. So I fired up MMC and
added Security Analysis and Configuration... and turned on anonymous
access to shares, enabled blank passwords for non-console users, enabled
guest, etc. I set guest password blank, and theoretically i should brose
to \\unsecuredserver\sharename and not be prompted for a password right?
WRONG! No matter what combination of Local Sec Policies I set, I am
always promted for a password. I was sure there was a way around it, but
none that I have found. I ALWAYS have to type guest, and apparently this
is too difficult for some people. <shrug> Any ideas?

----------------------------------------------------------------------
----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The 
Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience.
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity 
Planning, Computer Emergency Response Teams, and Digital
Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------
-----



------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and
the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.


http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]