Solved

Windows 2003 security issue

Posted on 2008-06-23
11
166 Views
Last Modified: 2013-12-04
After a new installation of Windows server 2003 (first Domain Controller) I have shared a few folders with different user rights. Everityng is working fine. All domain users have aceess to the folders that they suppose to have. But when I got connected a laptop to my wireless part of the network and this laptop is not part of this domain, and login to this laptop with any local username. I'm able to browse to all shared folders on my server. Any idea why is this and how to preven it.
Thanks for the help!  
0
Comment
Question by:tombbonb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849293
Do you have the guest or Anonymous logon granting any access?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21849334
If the shares on the server are granted access for the Guest or Anonymous accounts, then that will be one problem.

If the laptop has a local user account which happens to have exactly the same username and password as one of the domain user accounts, that will automatically grant the laptop access.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849460
TigerMatt,

That is the first time I have ever heard that you can do that since Security Identifier (SID) are created for every account even if the account has the same name it will still get a different SID for domain or local accounts.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 58

Expert Comment

by:tigermatt
ID: 21849567
Yes - the method of same user account on two workstations/networks is a widely publicised method for doing auto-login between two separate computer systems. Surprisingly, it works very well.

It's commonly used for peer-to-peer networks where each workstation has the same user accounts and passwords, but works with servers and laptops/PCs not on the domain just as well.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849681
Now I vaguely remember this might be available in peer to peer but not domain environment. Do you have any documentation that I could look over to get familiar with this?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21849695
I've used it in domain environments before, so I know it can be done :-)
I can't find any docs to say this - I'll check again but a quick search didn't turn anything up. I think it's just a case of one of those things you just "know" it can be done, once you've done it yourself. I don't even know if Microsoft publicise it themselves...
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22102612
I think the points need to be split.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22103355
Well actually I'm waiting for the confirmation that it can be done.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22226342
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NTP Servers 4 59
Better malware protection 9 51
ESXI update version 5.5.0.1623387 7 73
Moving database to a shared server 7 34
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Learn about cloud computing and its benefits for small business owners.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question