OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Shane Brooks (shane_at_floridacomputerservices.com)
Date: Fri Jan 24 2003 - 07:22:03 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Everyone includes everyone, from guest to Administrator. The point was that
    Authenticated Users don't include Guest and Everyone does. So you should
    replace Everyone with Authenticated Users. AFAIK, there is no 'Anonymous'
    account, but anonymous access authenticated as IUSR.

    Shane
    > ----- Original Message -----
    > From: "Laura A. Robinson" <larobinsbellatlantic.net>
    > To: "'Shane Brooks'" <shanefloridacomputerservices.com>; "'Williamson,
    > Scott'" <scott.williamsonhtcinc.net>; <focus-mssecurityfocus.com>
    > Sent: Friday, January 24, 2003 2:35 AM
    > Subject: RE: Bypass Traverse Checking?
    >
    >
    > Everyone also affects Anonymous- In Windows 2000 and earlier, Everyone
    > includes the Anonymous account. In Windows Server 2003, there is a
    > separation of the Anonymous account from the Everyone group. Where there
    > would be an effect from this is in establishment of null connections to
    > servers- null connection settings relate to what can be done with
    > "unidentified" connections.
    >
    > As a side note, RestrictAnonymous=2 is no longer supported in Windows
    Server
    > 2003.
    >
    > Laura
    >
    > > -----Original Message-----
    > > From: Shane Brooks [mailto:shanefloridacomputerservices.com]
    > > Sent: Monday, January 20, 2003 7:11 PM
    > > To: Williamson, Scott; focus-mssecurityfocus.com
    > > Subject: Re: Bypass Traverse Checking?
    > >
    > >
    > > You should definately make this change. If anything, the
    > > other admin is confusing Anonymous access of web-pages by the
    > > IUSR_[computername] account. However, IIS manages the
    > > password of this account automatically and the account is
    > > therefore a member of "Authenticated Users", since IIS
    > > authenticates every page as IUSR automatically if Anonymous
    > > access is enabled. The only account that is affected by
    > > Everyone is the guest account which is disabled by default.
    > > Hope this helps, Shane
    > > ----- Original Message -----
    > > From: "Williamson, Scott" <scott.williamsonhtcinc.net>
    > > To: <focus-mssecurityfocus.com>
    > > Sent: Wednesday, January 15, 2003 1:10 PM
    > > Subject: Bypass Traverse Checking?
    > >
    > >
    > > > I'm working on procedures for servers in our organization. I keep
    > > > coming across the recommendation to set the following on a Windows
    > > > 2000 Server.
    > > My
    > > > problem is I have another administrator who believes this
    > > could cause
    > > > problems in IIS. What are the lists opinions? Anyone heard of this
    > > causing
    > > > problems?
    > > >
    > > > User Rights Assignment - Set "Bypass Traverse Checking" - Remove
    > > > Everyone and Replace with Authenticated Users.
    > > >
    > > > Thanks in advance for your time,
    > > >
    > > > Michael Scott Williamson
    > > > Systems Administrator
    > >
    >
    >