Solved

Windows 2003 security issue

Posted on 2008-06-23
Last Modified: 2013-12-04
After a new installation of Windows Server 2003 (first Domain Controller) I have shared a few folders with different user rights. Everything is working fine. All domain users have access to the folders that they are supposed to have. But when I connected a laptop to the wireless part of my network, and this laptop is not part of this domain, and logged in to this laptop with any local username, I'm able to browse to all shared folders on my server. Any idea why this is and how to prevent it?
Thanks for the help!  
Question by:tombbonb
11 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849293
Do you have the guest or Anonymous logon granting any access?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21849334
If the shares on the server are granted access for the Guest or Anonymous accounts, then that will be one problem.

If the laptop has a local user account which happens to have exactly the same username and password as one of the domain user accounts, that will automatically grant the laptop access.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849460
TigerMatt,

That is the first time I have ever heard that you can do that, since Security Identifiers (SIDs) are created for every account; even if the account has the same name, it will still get a different SID for domain or local accounts.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21849567
Yes - the method of same user account on two workstations/networks is a widely publicised method for doing auto-login between two separate computer systems. Surprisingly, it works very well.

It's commonly used for peer-to-peer networks where each workstation has the same user accounts and passwords, but works with servers and laptops/PCs not on the domain just as well.
0
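A simplified model of the network logon discussed in the comments above, added here as an illustration and not posted by any participant in the thread: the server checks a challenge response against its own account database and runs the session under its own account's SID, so the SID of the laptop's local account never takes part. The hash construction (SHA-256 and HMAC-SHA256 standing in for NTLM's own), the fallback rules, and all account names, passwords and SIDs are constructed assumptions.

```python
import hashlib
import hmac
import os

# All accounts, passwords and SIDs below are constructed for illustration.
ALICE_SID = "S-1-5-21-1111-2222-3333-1105"   # domain account on the server
GUEST_SID = "S-1-5-21-1111-2222-3333-501"    # RID 501 is the built-in Guest

def pw_hash(password):
    # Stand-in for the NT hash (assumption: SHA-256 replaces NTLM's own hash).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def client_response(password, challenge):
    # Client proves knowledge of the password hash; it never sends a SID.
    return hmac.new(pw_hash(password), challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, accounts, guest_enabled):
        # accounts maps username -> (stored password hash, SID).
        self.accounts = {name.lower(): rec for name, rec in accounts.items()}
        self.guest_enabled = guest_enabled

    def network_logon(self, client_domain, username, challenge, response):
        """Return the SID the session runs as, or None when access is denied."""
        # client_domain (e.g. the laptop's name) is not a domain the server
        # knows, so this model falls back to the bare username.
        record = self.accounts.get(username.lower())
        if record is None:
            # Unknown name: mapped to Guest only if Guest is enabled.
            return GUEST_SID if self.guest_enabled else None
        stored_hash, sid = record
        expected = hmac.new(stored_hash, challenge, hashlib.sha256).digest()
        return sid if hmac.compare_digest(expected, response) else None

def try_logon(server, username, password):
    challenge = os.urandom(8)   # server-issued nonce
    return server.network_logon("LAPTOP", username, challenge,
                                client_response(password, challenge))

if __name__ == "__main__":
    accounts = {"alice": (pw_hash("Summer08!"), ALICE_SID)}
    dc = Server(accounts, guest_enabled=True)
    for user, pw in [("alice", "Summer08!"), ("alice", "other"), ("bob", "x")]:
        print(user, pw, "->", try_logon(dc, user, pw))
```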
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849681
Now I vaguely remember this might be available in peer to peer but not domain environment. Do you have any documentation that I could look over to get familiar with this?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21849695
I've used it in domain environments before, so I know it can be done :-)
I can't find any docs to say this - I'll check again but a quick search didn't turn anything up. I think it's just a case of one of those things you just "know" it can be done, once you've done it yourself. I don't even know if Microsoft publicise it themselves...
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22102612
I think the points need to be split.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22103355
Well actually I'm waiting for the confirmation that it can be done.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22226342
PAQed with no points refunded (of 500)

Computer101
EE Admin
0
