From: Hall, Randy (randy.hall_at_intel.com)
Date: Fri Jan 24 2003 - 11:27:45 CST


    I thought I would weigh in on this discussion, mostly because I see some
    dangerous assertions being made.

    A very good web article that clears the distinction between Everyone,
    Users, and Authenticated Users is at:

    http://www.windowswebsolutions.com/Articles/Index.cfm?ArticleID=23581

    I read it and agree with its findings.

    Cheers,

    --R

    --
    Randy Hall MCSA, MCSE (randy.hallintel.com)
    Network/Web Manager, Corporate Demos
    Intel Corporation, Santa Clara, CA USA
    All views expressed herein are MINE MINE MINE!!!
    

    -----Original Message-----
    From: Laura A. Robinson [mailto:larobinsbellatlantic.net]
    Sent: Friday, January 24, 2003 5:35 AM
    To: 'Shane Brooks'; 'Williamson, Scott'; focus-mssecurityfocus.com
    Subject: RE: Bypass Traverse Checking?

    As an additional item, since I've been challenged on this one via e-mail, I would encourage reading of this:

    http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/distrib/dsbc_nar_lmxa.asp

    or

    http://tinyurl.com/4ubt

    Particularly this: "Note For anonymous access to be available for Internet users, anonymous access must be enabled on the Internet Information Services (IIS) Web server."

    Again, note that Authenticated users does _not_ include anonymous.

    Laura

    > -----Original Message-----
    > From: Shane Brooks [mailto:shanefloridacomputerservices.com]
    > Sent: Monday, January 20, 2003 7:11 PM
    > To: Williamson, Scott; focus-mssecurityfocus.com
    > Subject: Re: Bypass Traverse Checking?
    >
    > You should definitely make this change. If anything, the other admin is confusing Anonymous access of web-pages by the IUSR_[computername] account. However, IIS manages the password of this account automatically and the account is therefore a member of "Authenticated Users", since IIS authenticates every page as IUSR automatically if Anonymous access is enabled. The only account that is affected by Everyone is the guest account which is disabled by default.
    > Hope this helps, Shane
    >
    > ----- Original Message -----
    > From: "Williamson, Scott" <scott.williamsonhtcinc.net>
    > To: <focus-mssecurityfocus.com>
    > Sent: Wednesday, January 15, 2003 1:10 PM
    > Subject: Bypass Traverse Checking?
    >
    > > I'm working on procedures for servers in our organization. I keep coming across the recommendation to set the following on a Windows 2000 Server. My problem is I have another administrator who believes this could cause problems in IIS. What are the list's opinions? Anyone heard of this causing problems?
    > >
    > > User Rights Assignment - Set "Bypass Traverse Checking" - Remove Everyone and Replace with Authenticated Users.
    > >
    > > Thanks in advance for your time,
    > >
    > > Michael Scott Williamson
    > > Systems Administrator
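
An added example, not part of the original thread or any poster's code: a PowerShell check of which principals hold "Bypass traverse checking" (privilege constant SeChangeNotifyPrivilege) in a `secedit /export` file, so the Everyone versus Authenticated Users assignment discussed above can be verified before and after the change. The function name `Get-UserRightHolder` is hypothetical and the sample export is constructed.

```powershell
# Well-known SIDs for the principals this thread is about.
$Principals = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-7'  = 'ANONYMOUS LOGON'
    'S-1-5-11' = 'Authenticated Users'
}

# Hypothetical helper: return the holders of one user right from secedit INF lines.
function Get-UserRightHolder {
    param([string[]] $InfLines, [string] $Right = 'SeChangeNotifyPrivilege')
    $inRights = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inRights = $Matches[1] -eq 'Privilege Rights'
        } elseif ($inRights -and $text -match '^(\w+)\s*=\s*(.*)$' -and $Matches[1] -eq $Right) {
            # Comma-separated list; SIDs carry a leading '*', account names do not.
            return $Matches[2].Split(',') | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ }
        }
    }
}

# Constructed sample of a `secedit /export` file (not taken from a real host).
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

# On a live server, from an elevated prompt, use the real export instead:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $lines = Get-Content "$env:TEMP\rights.inf"
$lines = $sample

$holders = @(Get-UserRightHolder -InfLines $lines)
[pscustomobject]@{
    Right              = 'SeChangeNotifyPrivilege'
    Everyone           = ($holders -contains 'S-1-1-0')  -or ($holders -contains 'Everyone')
    AuthenticatedUsers = ($holders -contains 'S-1-5-11') -or ($holders -contains 'Authenticated Users')
    AnonymousLogon     = ($holders -contains 'S-1-5-7')  -or ($holders -contains 'ANONYMOUS LOGON')
    Holders            = ($holders | ForEach-Object { if ($Principals[$_]) { $Principals[$_] } else { $_ } }) -join ', '
}
```

Against the constructed sample the object reports Everyone as a holder and Authenticated Users as absent, which is the state the recommendation in the original question is meant to change.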