Home page logo

basics logo Security Basics mailing list archives

Re: Funny Windows 2k3 Security "Feature"
From: mattmurphy () kc rr com
Date: 20 Mar 2006 08:09:14 -0000

The mistake I think you're making is that Guest is not the same as "anonymous", where there is no logon.  In order for 
that to work, you need to allow the anonymous users SID "Full Control" to the share.

To do this, set the permissions for "ANONYMOUS LOGON" to Full Control on both the share and the underlying NTFS folder.

You have a couple of other options:

1. If the user will use the same laptop and the same user account on that laptop to access the file share at all times, 
you could set up a full username and password system and simply persistently-map the shared folder as a drive on the 
laptops.  I'd recommend this, as it's a maximum no-hassle solution and would allow you to implement some type of 
auditing and share-level permissions to keep users from touching each other's stuff if that's desired.

2. Enable "Simple File Sharing".  In that case, Guest is always used to authenticate, regardless of the user's actual 
identity.  I'm not sure (as I've never used the feature) if that needs to be done on clients or the server, so you'd 
have to experiment to identify that detail.

NOTE: Please contact me off-list with questions.

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]