Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: DACLS for software distribution points...

from [Laura A. Robinson] Network Security [Permanent Link]
Subject: RE: DACLS for software distribution points...
Date: Mon, 10 Jul 2006 12:47:19 -0400 
Domain Users != Authenticated Users. If you use Domain Users for the DACL,
users (and computers) from any other domain in the forest will not be able
to access the share. In a single-domain environment or when you only want
one domain to be able to access the share, this is fine, but otherwise,
using Authenticated Users may be a better approach.

Having said that, we've had many, many discussions on this list about the
exact differences between the Everyone group and the Authenticated Users
group, and the reality is very likely that you're just increasing your
maintenance without increasing security, depending on the composition of the
domain in question (e.g., Win2K3 versus Win2K versus NTSP4+ versus NTSP4-,
etc.). The difference between the two groups may simply be the built in
Guest account and nothing else.

Laura


-----Original Message-----
From: Jeffrey Wei [mailto:jeffrey.wei@cubic.com] 
Sent: Thursday, July 06, 2006 6:29 PM
To: focus-ms@securityfocus.com
Cc: talukdar_m@subway.com
Subject: RE: DACLS for software distribution points...

What I normally do is remove the "Everyone" and replace it 
with "Domain Users".. which in itself means that it will have 
to be authenticated users before they can read file folders only.  

Not sure how everyone else does it?

Jeffrey Wei

-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@subway.com]
Sent: Wednesday, July 05, 2006 6:02 PM
To: focus-ms@securityfocus.com
Subject: DACLS for software distribution points...

Hi all,
MS says in this article that the DACLS for software 
distribution points should be EVERYONE: READ and 
Administrator: Full Control, Change, Read.

http://technet2.microsoft.com/WindowsServer/en/Library/45a873d
d-660d-4de
6-aa
c4-8a03974796121033.mspx?mfr=true

Why shouldn't the EVERYONE be removed and replaced with 
Authenticated Users?
I was thinking of doing this and can't really see any adverse impact.

Kind Regards
Murad Talukdar


 



--------------------------------------------------------------
----------
---
--------------------------------------------------------------
----------
---

---
[This E-mail scanned for Spam and Viruses by 
http://www.innovationnetworks.ca]


--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DACLS for software distribution points..., Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Next by Date:  RE: DACLS for software distribution points..., Laura A. Robinson
Previous by Thread:  RE: DACLS for software distribution points..., Jeffrey Wei
Next by Thread:  RE: DACLS for software distribution points..., Murad Talukdar
Indexes:  [Date] [Thread] [Top] [All Lists]