Everyone also affects Anonymous- In Windows 2000 and earlier, Everyone
includes the Anonymous account. In Windows Server 2003, there is a
separation of the Anonymous account from the Everyone group. Where there
would be an effect from this is in establishment of null connections to
servers- null connection settings relate to what can be done with
"unidentified" connections.

As a side note, RestrictAnonymous=2 is no longer supported in Windows Server
2003.

Laura

> -----Original Message-----
> From: Shane Brooks [mailto:shanefloridacomputerservices.com]
> Sent: Monday, January 20, 2003 7:11 PM
> To: Williamson, Scott; focus-mssecurityfocus.com
> Subject: Re: Bypass Traverse Checking?
>
>
> You should definately make this change. If anything, the
> other admin is confusing Anonymous access of web-pages by the
> IUSR_[computername] account. However, IIS manages the
> password of this account automatically and the account is
> therefore a member of "Authenticated Users", since IIS
> authenticates every page as IUSR automatically if Anonymous
> access is enabled. The only account that is affected by
> Everyone is the guest account which is disabled by default.
> Hope this helps, Shane
> ----- Original Message -----
> From: "Williamson, Scott" <scott.williamsonhtcinc.net>
> To: <focus-mssecurityfocus.com>
> Sent: Wednesday, January 15, 2003 1:10 PM
> Subject: Bypass Traverse Checking?
>
>
> > I'm working on procedures for servers in our organization. I keep
> > coming across the recommendation to set the following on a Windows
> > 2000 Server.
> My
> > problem is I have another administrator who believes this
> could cause
> > problems in IIS. What are the lists opinions? Anyone heard of this
> causing
> > problems?
> >
> > User Rights Assignment - Set "Bypass Traverse Checking" - Remove
> > Everyone and Replace with Authenticated Users.
> >
> > Thanks in advance for your time,
> >
> > Michael Scott Williamson
> > Systems Administrator
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]