Re: Access to shares without logon to domain by Kurt
Kurt
Tue Feb 15 20:49:34 CST 2005
You're not logging into the domain, you're passing credentials that match
known domain credentials along to a domain-member server (in your case the
DC, but could be any member-server or workstation). As far as share
permissions go - yes, you have the same permissions to the share as the
matching domain user account. This is just one of the many good reasons not
to allow users to use the same logon locally as they do for the domain.
"Everyone" refers to "All known accounts". Unknown accounts still have no
access even with "everyone - full control" selected.
That said, no domain logon ever took place, so the local user won't run a
logon script, be granted a session ticket or have any domain priveleges,
other than the specific ones granted for accessing shared resources (they
can access shares and print).
...kurt
"Damian" <damian@damian_damian.com> wrote in message
news:TsOdnSIPVd-u6I_fRVn-vw@rogers.com...
>
> "fygar" <cpudoc10@hotmail.com> wrote in message
> news:fk1411dfa0330rmgifjug17gjmhq88ftej@4ax.com...
> > On Tue, 15 Feb 2005 09:17:14 -0500, "Damian"
> > <damian@damian_damian.com> wrote:
> >
> > >Hello Everyone,
> > >
> > >Domain Controller = Win2k3
> > >Client = win2k3
> > >
> > >
> > >When I logon to my client locally I can still access shared folders on
my
> > >Domain Controller through
> > >Network Places. My question is this....
> > >
> > >How secure is the logon to access shared folders on my Domain
Controller
> > >when I have not logged on to my domain? Can someone explain what is
> > >happening during the logon phase.
> > >
> >
> > The user name and password that you are using on one machine exists on
> > the other. MS does you a favor and passes it through since they match
> > exactly.
> >
> >
> > >
> >
> > ...butch()
>
>
> I understand that it 'passes' the information along, but does it
> use the same security process as longing onto a domain would provide?
>
>