Access to shares without logon to domain

Hello Everyone,

Domain Controller = Win2k3
Client = win2k3


When I logon to my client locally I can still access shared folders on my
Domain Controller through
Network Places. My question is this....

How secure is the logon to access shared folders on my Domain Controller
when I have not logged on to my domain? Can someone explain what is
happening during the logon phase.



Thanx again,

Damian

Damian

On Tue, 15 Feb 2005 09:17:14 -0500, "Damian"
<damian@damian_damian.com> wrote:

>Hello Everyone,
>
>Domain Controller = Win2k3
>Client = win2k3
>
>
>When I logon to my client locally I can still access shared folders on my
>Domain Controller through
>Network Places. My question is this....
>
>How secure is the logon to access shared folders on my Domain Controller
>when I have not logged on to my domain? Can someone explain what is
>happening during the logon phase.
>

The user name and password that you are using on one machine exists on
the other. MS does you a favor and passes it through since they match
exactly.


>

....butch()

fygar

did you hear "Damian" <damian@damian_damian.com> say in
news:aa2dnVtwc4Mino_fRVn-:

> Hello Everyone,
>
> Domain Controller = Win2k3
> Client = win2k3
>
>
> When I logon to my client locally I can still access shared folders on
my
> Domain Controller through
> Network Places. My question is this....
>
> How secure is the logon to access shared folders on my Domain
Controller
> when I have not logged on to my domain? Can someone explain what is
> happening during the logon phase.
>
>
>
> Thanx again,
>
> Damian
>
>
>

everyone group full control?

--
Neil MCNGP #30

- That which does not kill you...really hurts!

Neil

"fygar" <> wrote in message
news:...
> On Tue, 15 Feb 2005 09:17:14 -0500, "Damian"
> <damian@damian_damian.com> wrote:
>
> >Hello Everyone,
> >
> >Domain Controller = Win2k3
> >Client = win2k3
> >
> >
> >When I logon to my client locally I can still access shared folders on my
> >Domain Controller through
> >Network Places. My question is this....
> >
> >How secure is the logon to access shared folders on my Domain Controller
> >when I have not logged on to my domain? Can someone explain what is
> >happening during the logon phase.
> >
>
> The user name and password that you are using on one machine exists on
> the other. MS does you a favor and passes it through since they match
> exactly.
>
>
> >
>
> ...butch()


I understand that it 'passes' the information along, but does it
use the same security process as longing onto a domain would provide?

Damian

You're not logging into the domain, you're passing credentials that match
known domain credentials along to a domain-member server (in your case the
DC, but could be any member-server or workstation). As far as share
permissions go - yes, you have the same permissions to the share as the
matching domain user account. This is just one of the many good reasons not
to allow users to use the same logon locally as they do for the domain.
"Everyone" refers to "All known accounts". Unknown accounts still have no
access even with "everyone - full control" selected.

That said, no domain logon ever took place, so the local user won't run a
logon script, be granted a session ticket or have any domain priveleges,
other than the specific ones granted for accessing shared resources (they
can access shares and print).

....kurt

"Damian" <damian@damian_damian.com> wrote in message
news:TsOdnSIPVd-u6I_fRVn-...
>
> "fygar" <> wrote in message
> news:...
> > On Tue, 15 Feb 2005 09:17:14 -0500, "Damian"
> > <damian@damian_damian.com> wrote:
> >
> > >Hello Everyone,
> > >
> > >Domain Controller = Win2k3
> > >Client = win2k3
> > >
> > >
> > >When I logon to my client locally I can still access shared folders on
my
> > >Domain Controller through
> > >Network Places. My question is this....
> > >
> > >How secure is the logon to access shared folders on my Domain
Controller
> > >when I have not logged on to my domain? Can someone explain what is
> > >happening during the logon phase.
> > >
> >
> > The user name and password that you are using on one machine exists on
> > the other. MS does you a favor and passes it through since they match
> > exactly.
> >
> >
> > >
> >
> > ...butch()
>
>
> I understand that it 'passes' the information along, but does it
> use the same security process as longing onto a domain would provide?
>
>

Kurt

this is a security hole that is a great asset when teaching acls classes
(renamed now but still the self-paced learning kits).
it's an easy hole to close if you pay attention when setting up accts.

Mike
Check register com for the truth about the onslaught of copulating robots.


"Damian" <damian@damian_damian.com> wrote in message
news:aa2dnVtwc4Mino_fRVn-...
> Hello Everyone,
>
> Domain Controller = Win2k3
> Client = win2k3
>
>
> When I logon to my client locally I can still access shared folders on my
> Domain Controller through
> Network Places. My question is this....
>
> How secure is the logon to access shared folders on my Domain Controller
> when I have not logged on to my domain? Can someone explain what is
> happening during the logon phase.
>
>
>
> Thanx again,
>
> Damian
>
>

MikeF