Home > IT Answers > Security > Improper user rights?
Help

Question

Asked:
Asked By:
Apr 9 2008   5:56 PM GMT
Windows Security ATE   160 pts.

Improper user rights?


Windows Security, User Permissions, User rights

We are running a mixed environment of Windows XP workgroup users and domain users. The XP users are logging in as "user" with user rights. For some reason, the XP workgroup users can browse, open and modify files on the network domain servers. Why would this be happening if they are not on the domain and are not administrative users?

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0
Last Answered: Apr 10 2008  6:22 PM GMT  by Dwiebesick   1465 pts.




You have the NTFS security permissions set incorrectly on your domain files/folders. What server software version are you running?

First place to check is share permissions. To keep it simple, set the share permission to Everyone Full Control. You then restrict access by using NTFS. Basically in a small company (you said you were in mixed domain and workgroup), I would give administrators full control, system full control, and then select which security groups should have other rights to the files/folders.
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Security.

Looking for relevant Security Whitepapers? Visit the SearchSecurity.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

KevinBeaver   3540 pts.  |   Apr 16 2008  4:16PM GMT

This is a good example of how unstructured information goes unprotected and ultimately gets abused. Be careful giving full control to the share for everyone. You may have share names that people don’t even need to see (i.e. they may see what it is and try to access it via other means). Make sure your permissions apply only to domain users.