|
Posted by Dil on September 17, 2008, 7:20 am
Please log in for more thread options
>
>
>
>
> > Hi all,
>
> > I just saw something strange here that I hope you guys can answer. We
> > have an active directory with a 2003 file server. Server admins group has
> > full permssions to all shares on the server and this permission flows into
> > sub folders and files. Permissions on shares and sub folders are assigned
> > to certain groups and users. From a workstation when I log in as local
> > administrator I can browse the shares and all sub folders and files on the
> > shares on file server. Still from the workstation as local admin I am
> > able to open a file in a share that belong to a manager; it lets me change
> > the content of the file, even create new files. Open computer management
> > on the server, I see the file is being read-write by user Administrator.
>
> > Why does the server think the workstation's administrator as its
> > administrator and give the workstation's administrator full access? If I
> > remove server admins group from security tab of the shares/folders, the
> > workstation's administrator is denied access to the shares/folders.
>
> Rename your accounts so the the names are different on the different
> machines (fileserver vs workstation) and use different passwords.
> It sounds like you think the share is made available on a connection
> in context of workstation\administrator, but that is not possible since
> workstation\administrator is not recognized by fileserver, so most
> likely you are actually connected as fileserver\administrator.
>
> Roger
One good reason is, it will behave so if you have some password for
fileserver\administrator and workstation\administrator. I think there
is a slight issue there in the way NTLM authentication works.
Dileep.
| 
XML Sitemap