I have a folder shared out on a Windows 2003 Enterprise Edition server. The server is a member of a 2003 AD. I can't say for sure if the server is in 2003 native mode, but I'm pretty sure it is. I don't think it matters for this question though, but I'm not sure so I will give the info I have.
The share is set up as such:
Share Permissions: "Everyone" group has Read permissions
NTFS Security Permissions: "Administrators" inherit full control, "Everyone" group has been explicitly granted allow read & execute, list contents and read permissions. Users inherit Read & Execute, List Contents and Read. SYSTEM has full control. Creator Owner is listed but is not explicitly granted any permissions (allow or deny).
There are no other entries in either the ACL or the Share permission setup.
When I am logged in as any domain user, I can access the share just fine by typing in \\server\share
However, if I log in as a local user account (the local administrator account on a machine for example), I am prompted for a password when accessing the share.
The "everyone" permissions are not inherited. There is not Access Control Entry in the root of the drive for "everyone"...just in my shared folder.
I can get into the share once I put in any domain credentials, but I'm very confused by this..."Everyone" read permissions means EVERYONE can access it, right? If I wanted to require authentication I would put in "Authenticated Users" or "Domain Users" or other domain security groups or users I want to grant access to.
I'm pretty familiar with file shares and NTFS security permissions, but I've never run into a situation where I was prompted for a password with "Everyone" in the access control list. Anyone shine any light on this for me?