Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Default XP Rights

Posted on 2002-04-04
Medium Priority
Last Modified: 2010-04-13
Lets say I have a NT domain called ntdomain and a XP notebook with a machine name of xpmachine and a login name of newuser.

Are the following statements correct?
I can login with newuser to either xpmachine or ntdomain and they are completely different logins with different desktops.

If I want to logon to xpmachine with the username newuser the username newuser has to exist on the local machine.

If I want to logon to ntdomain with the username newuser the username newuser has to exist on the NT domain.

If I only want to login to ntdomain then the username newuser does not have to exist on the local host.

So finally the questions?
If I logon with the username newuser to the domain ntdomain and the username newuser does not exist on the local domain I can still access the loca C: drive. I must have some sort of default rights, what are they.

Is this a security hole? Can I create a bogus NT/2K server connect this notebook logon to the new domain and see portions of the local harddrive not knowing any usernames or passwords of the local computer?

Question by:davidpm
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Author Comment

ID: 6920013
Oops one more question.
If this is a notebook and sometimes the user is network connected and sometimes not do I really need to keep two totally seperate desktops and manually sync them every?
How do you set it so either way he has what he needs?

LVL 12

Accepted Solution

pjknibbs earned 600 total points
ID: 6920219
All your statements are unquestionably correct.

As for the questions: the default rights for all files outside Documents and Settings are either read/write or read only for EVERYBODY who successfully logs on to the laptop, regardless of how they do it (apart from possibly some system-accessible files in the Windows directory). In Documents and Settings there is a separate folder for each user who has ever logged on to the machine, and these folders are set up so ONLY that user has rights to them. Therefore someone who just created some sort of spoof logon could not read some other user's personal files.

However, this would not be a security hole anyway, because in order to join the XP laptop to your "spoofed" domain a user would have to have local administrator rights on the laptop--and if they've got that anyway, what do they need to fiddle around with domains for? They already have access to everything on the machine!

I'm not sure of the answer to your second question--it might be possible using group policy settings. You can take a look at these by doing Start->Run and typing GPEDIT.MSC in the box.

Expert Comment

ID: 6955950
ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101 or Netminder will return to finalize these if still open in seven days.  Please post closing recommendations before that time.

Question(s) below appears to have been abandoned. Your options are:
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> YOU CANNOT DELETE A QUESTION with comments; special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
Please click this link for Help Desk, Guidelines/Member Agreement and the Question/Answer process.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click you Member Profile to view your question history and please keep them updated. If you are a KnowledgePro user, use the Power Search option to find them.  

Questions which are LOCKED with a Proposed Answer but do not help you, should be rejected with comments added.  When you grade the question less than an A, please comment as to why.  This helps all involved, as well as others who may access this item in the future.  PLEASE DO NOT AWARD POINTS TO ME.

To view your open questions, please click the following link(s) and keep them all current with updates.

*****  E X P E R T S    P L E A S E  ******  Leave your closing recommendations if this item remains inactive another seven (7) days.  If you are interested in the cleanup effort, please click this link http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643 
POINTS FOR EXPERTS awaiting comments are listed here -> http://www.experts-exchange.com/commspt/Q.20277028.html
Moderators will finalize this question if in @7 days Asker has not responded.  This will be moved to the PAQ (Previously Asked Questions) at zero points, deleted or awarded.
Thank you everyone.
Moderator @ Experts Exchange

Expert Comment

ID: 6960903
Thank you for returning and finalizing this question.
Moondancer - EE Moderator

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We live in a world of interfaces like the one in the title picture. VBA also allows to use interfaces which offers a lot of possibilities. This article describes how to use interfaces in VBA and how to work around their bugs.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question