There should be no problem removing the Guest user account from the Domain
User and Domain Guests groups.

The IUSR_MACHINE and IWAM_MACHINE accounts are used by/for IIS. If you have
disabled or are not using IIS, then removing them from those groups will not
affect anything.

Rick Smith
MCSE+I, MCSE (W2K), GCWN

-----Original Message-----
From: Perikles P. Mourikis [mailto:mourikisdreamtech.gr]
Sent: Monday, June 03, 2002 0721
To: focus-mssecurityfocus.com
Subject: SBS 2000 accounts security settings

I have noticed that Microsoft's product Small Business Server 2000 (SBS
2000) has the "Guest" template group being a member of Domain Guests ,
Guests and Domain Users.

Also ISR_MACHINE and IWAM_MACHINE are members of Domain Users and Guests.

Does anybody knows any known issues with removing the Domain Users
membership from these accounts?

Are there any known exploits of this configuration? (assuming the SBS 2000
is patched properly...)

TIA

Perikles

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]