Solved

Windows 2003 security issue

Posted on 2008-06-23
11
160 Views
Last Modified: 2013-12-04
After a new installation of Windows server 2003 (first Domain Controller) I have shared a few folders with different user rights. Everityng is working fine. All domain users have aceess to the folders that they suppose to have. But when I got connected a laptop to my wireless part of the network and this laptop is not part of this domain, and login to this laptop with any local username. I'm able to browse to all shared folders on my server. Any idea why is this and how to preven it.
Thanks for the help!  
0
Comment
Question by:tombbonb
11 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849293
Do you have the guest or Anonymous logon granting any access?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21849334
If the shares on the server are granted access for the Guest or Anonymous accounts, then that will be one problem.

If the laptop has a local user account which happens to have exactly the same username and password as one of the domain user accounts, that will automatically grant the laptop access.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849460
TigerMatt,

That is the first time I have ever heard that you can do that since Security Identifier (SID) are created for every account even if the account has the same name it will still get a different SID for domain or local accounts.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 58

Expert Comment

by:tigermatt
ID: 21849567
Yes - the method of same user account on two workstations/networks is a widely publicised method for doing auto-login between two separate computer systems. Surprisingly, it works very well.

It's commonly used for peer-to-peer networks where each workstation has the same user accounts and passwords, but works with servers and laptops/PCs not on the domain just as well.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21849681
Now I vaguely remember this might be available in peer to peer but not domain environment. Do you have any documentation that I could look over to get familiar with this?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21849695
I've used it in domain environments before, so I know it can be done :-)
I can't find any docs to say this - I'll check again but a quick search didn't turn anything up. I think it's just a case of one of those things you just "know" it can be done, once you've done it yourself. I don't even know if Microsoft publicise it themselves...
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22102612
I think the points need to be split.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22103355
Well actually I'm waiting for the confirmation that it can be done.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22226342
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question