Solved

Default XP Rights

Posted on 2002-04-04
Last Modified: 2010-04-13
Let's say I have an NT domain called ntdomain and an XP notebook with a machine name of xpmachine and a login name of newuser.

Are the following statements correct?
I can login with newuser to either xpmachine or ntdomain and they are completely different logins with different desktops.

If I want to logon to xpmachine with the username newuser the username newuser has to exist on the local machine.

If I want to logon to ntdomain with the username newuser the username newuser has to exist on the NT domain.

If I only want to login to ntdomain then the username newuser does not have to exist on the local host.

So finally the questions?
If I log on with the username newuser to the domain ntdomain and the username newuser does not exist on the local domain, I can still access the local C: drive. I must have some sort of default rights; what are they?

Is this a security hole? Can I create a bogus NT/2K server, connect this notebook, log on to the new domain and see portions of the local hard drive without knowing any usernames or passwords of the local computer?









Question by:davidpm
 

Author Comment

by:davidpm
ID: 6920013
Oops one more question.
If this is a notebook and sometimes the user is network connected and sometimes not, do I really need to keep two totally separate desktops and manually sync them every time?
How do you set it so either way he has what he needs?

0
 
LVL 12

Accepted Solution

by:
pjknibbs earned 150 total points
ID: 6920219
All your statements are unquestionably correct.

As for the questions: the default rights for all files outside Documents and Settings are either read/write or read only for EVERYBODY who successfully logs on to the laptop, regardless of how they do it (apart from possibly some system-accessible files in the Windows directory). In Documents and Settings there is a separate folder for each user who has ever logged on to the machine, and these folders are set up so ONLY that user has rights to them. Therefore someone who just created some sort of spoof logon could not read some other user's personal files.

However, this would not be a security hole anyway, because in order to join the XP laptop to your "spoofed" domain a user would have to have local administrator rights on the laptop--and if they've got that anyway, what do they need to fiddle around with domains for? They already have access to everything on the machine!

I'm not sure of the answer to your second question--it might be possible using group policy settings. You can take a look at these by doing Start->Run and typing GPEDIT.MSC in the box.
0
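
One way to check the accepted answer's description on a given machine, as an added example that is not part of the original thread: the script lists which top-level folders and which profile folders carry Allow entries for principals that cover anyone who logs on. The helper names `Get-BroadAccess` and `Get-FolderAudit` and the principal list are assumptions for illustration, and it needs PowerShell 3.0 or later, which a stock XP install does not have.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+ and NTFS volumes.
# Principals treated as "everybody who logs on". The list is an assumption:
# adjust it, and note that localized Windows builds use translated names.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

function Get-BroadAccess {
    param([Parameter(Mandatory = $true)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Report folders whose ACL cannot be read instead of skipping them silently.
        return [pscustomobject]@{ Path = $Path; Principal = '(ACL unreadable)'
                                  Rights = $null; Inherited = $null }
    }
    foreach ($ace in $acl.Access) {
        # Only Allow entries for the broad principals are of interest here.
        if ($ace.AccessControlType -eq 'Allow' -and
            $BroadPrincipals -contains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Get-FolderAudit {
    param([Parameter(Mandatory = $true)][string]$Root)
    # -Force includes hidden and system folders; only the first level is examined.
    Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-BroadAccess -Path $_.FullName }
}

$driveRoot   = "$env:SystemDrive\"
# Parent of the current profile: "Documents and Settings" on XP, "Users" on later versions.
$profileRoot = Split-Path -Parent $env:USERPROFILE

'--- Top-level folders with rights for any logged-on user ---'
Get-FolderAudit -Root $driveRoot | Format-Table -AutoSize

'--- Profile folders that grant access beyond their owner ---'
Get-FolderAudit -Root $profileRoot | Format-Table -AutoSize
```

Shared profile folders such as All Users normally appear in the second table; a named user's own folder showing up there is the case worth investigating.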
 
LVL 1

Expert Comment

by:Moondancer
ID: 6955950
ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101 or Netminder will return to finalize these if still open in seven days.  Please post closing recommendations before that time.

Question(s) below appears to have been abandoned. Your options are:
 
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> YOU CANNOT DELETE A QUESTION with comments; special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click this link for Help Desk, Guidelines/Member Agreement and the Question/Answer process.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click your Member Profile to view your question history and please keep them updated. If you are a KnowledgePro user, use the Power Search option to find them.  

Questions which are LOCKED with a Proposed Answer but do not help you, should be rejected with comments added.  When you grade the question less than an A, please comment as to why.  This helps all involved, as well as others who may access this item in the future.  PLEASE DO NOT AWARD POINTS TO ME.

To view your open questions, please click the following link(s) and keep them all current with updates.




*****  E X P E R T S    P L E A S E  ******  Leave your closing recommendations if this item remains inactive another seven (7) days.  If you are interested in the cleanup effort, please click this link http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643 
POINTS FOR EXPERTS awaiting comments are listed here -> http://www.experts-exchange.com/commspt/Q.20277028.html
 
Moderators will finalize this question if in @7 days Asker has not responded.  This will be moved to the PAQ (Previously Asked Questions) at zero points, deleted or awarded.
 
Thank you everyone.
 
Moondancer
Moderator @ Experts Exchange
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6960903
Thank you for returning and finalizing this question.
Moondancer - EE Moderator
0
