Default XP Rights

Posted on 2002-04-04
Last Modified: 2010-04-13
Let's say I have an NT domain called ntdomain and an XP notebook with a machine name of xpmachine and a login name of newuser.

Are the following statements correct?
I can login with newuser to either xpmachine or ntdomain and they are completely different logins with different desktops.

If I want to logon to xpmachine with the username newuser the username newuser has to exist on the local machine.

If I want to logon to ntdomain with the username newuser the username newuser has to exist on the NT domain.

If I only want to login to ntdomain then the username newuser does not have to exist on the local host.

So finally the questions:
If I logon with the username newuser to the domain ntdomain and the username newuser does not exist on the local domain I can still access the local C: drive. I must have some sort of default rights, what are they?

Is this a security hole? Can I create a bogus NT/2K server, connect this notebook, log on to the new domain and see portions of the local hard drive without knowing any usernames or passwords of the local computer?

Question by:davidpm

Author Comment

Oops, one more question.
If this is a notebook and sometimes the user is network connected and sometimes not, do I really need to keep two totally separate desktops and manually sync them every?
How do you set it so either way he has what he needs?

Accepted Solution

pjknibbs earned 150 total points
All your statements are unquestionably correct.

As for the questions: the default rights for all files outside Documents and Settings are either read/write or read only for EVERYBODY who successfully logs on to the laptop, regardless of how they do it (apart from possibly some system-accessible files in the Windows directory). In Documents and Settings there is a separate folder for each user who has ever logged on to the machine, and these folders are set up so ONLY that user has rights to them. Therefore someone who just created some sort of spoof logon could not read some other user's personal files.

However, this would not be a security hole anyway, because in order to join the XP laptop to your "spoofed" domain a user would have to have local administrator rights on the laptop--and if they've got that anyway, what do they need to fiddle around with domains for? They already have access to everything on the machine!

I'm not sure of the answer to your second question--it might be possible using group policy settings. You can take a look at these by doing Start->Run and typing GPEDIT.MSC in the box.
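
The answer's claim that each profile folder is restricted to its own user can be checked on a given machine. The following is an added example, not part of the original thread: a PowerShell audit that lists every Allow entry on a profile folder granted to someone other than the folder's own user, SYSTEM or Administrators. The profile path, the list of expected principals and the folder-name-to-account matching are assumptions; adjust them for the machine being checked.

```powershell
# Added example (not from the thread): audit profile-folder ACLs.
# Assumptions: run from an administrative prompt; $ProfileRoot is the
# profile directory (C:\Documents and Settings on XP, C:\Users later).
param(
    [string]$ProfileRoot = 'C:\Documents and Settings'
)

# Principals expected on every profile besides the owning user (assumption).
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# Shared profiles that are intentionally readable by other users.
$shared = @('All Users', 'Default User', 'Public', 'Default')

Get-ChildItem -Path $ProfileRoot -Force |
    Where-Object { $_.PSIsContainer -and $shared -notcontains $_.Name } |
    ForEach-Object {
        $folder = $_
        try {
            $acl = Get-Acl -Path $folder.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL for $($folder.FullName): $_"
            return   # skip this folder, continue with the next one
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $id = $ace.IdentityReference.Value
            if ($expected -contains $id) { continue }

            # Heuristic: the folder is named "user" or "user.DOMAIN",
            # so an ACE for DOMAIN\user or MACHINE\user is the owner's.
            $account = $id.Split('\')[-1]
            $isOwner = ($folder.Name -eq $account) -or
                $folder.Name.StartsWith("$account.",
                    [StringComparison]::OrdinalIgnoreCase)
            if ($isOwner) { continue }

            # Anything left is access held by an unexpected principal.
            New-Object PSObject -Property @{
                Folder    = $folder.FullName
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    } | Select-Object Folder, Identity, Rights, Inherited
```

An empty result means every profile folder matches the layout described in the answer; any row names a principal whose access to that profile should be reviewed.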
