Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251
Read Only Access to ALL Shares On a Network
Read Only Access to ALL Shares On a Network

Read Only Access to ALL Shares On a Network
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Read Only Access to ALL Shares On a Network Michael B Allen 12-12-2005
Posted by Michael B Allen on December 12, 2005, 3:34 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Is there a builtin or standard account that has read-only access to all
shares and their contents in a domain?

I have an application that needs to scan arbitrary files as a background
process and I need to store the password in a configuration file. Putting
the domain Administrator password in a config file is ludacris. Is there
a way to access all files without tweeking the ACLs on all shares?

Thanks,
Mike


Posted by Roger Abell [MVP] on December 13, 2005, 12:08 am
If you were  Registered and logged in, you could reply and use other advanced thread options
There is no such predefined access.

Even just an account, dom adm or not, that has
read (only) to everything raises my concern, and
having the creds of such account in a config file
scares me.

--
Roger
> Is there a builtin or standard account that has read-only access to all
> shares and their contents in a domain?
>
> I have an application that needs to scan arbitrary files as a background
> process and I need to store the password in a configuration file. Putting
> the domain Administrator password in a config file is ludacris. Is there
> a way to access all files without tweeking the ACLs on all shares?
>
> Thanks,
> Mike
>



Posted by =?Utf-8?B?SWFu?= on December 13, 2005, 3:13 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> Putting the domain Administrator password in a config file is ludicrous. Is
there
> a way to access all files without tweeking the ACLs on all shares?

Domain Admins don't necessarily have access to shares anyway. Nor do local
Admins for that matter.

Furthenrmore, they also don't necessarily have rights to NTFS files, so even
if the Admin can get into the share that doesn't guarantee being able to
'see' all of the files therein.

Posted by Byron Hynes [MS] on December 13, 2005, 6:46 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
You might be able to use the seBackup privelege to bypass NTFS permissions.
However, doing so should only be done after full consideration of the
consequences.

Share permissions are generally read-only by default, but AFAIK, you would
have to set those either manually or programatically to allow your app's
user access if the defaults have been changed.

Byron Hynes
Windows Server
Microsoft Corporation

http://spaces.msn.com/members/byronphynes

> Is there a builtin or standard account that has read-only access to
> all shares and their contents in a domain?
>
> I have an application that needs to scan arbitrary files as a
> background process and I need to store the password in a configuration
> file. Putting the domain Administrator password in a config file is
> ludacris. Is there a way to access all files without tweeking the ACLs
> on all shares?
>
> Thanks,
> Mike



Similar ThreadsPosted
Access to network shares January 25, 2007, 5:13 am
Question on - Network Access: Do not allow anonymous enumeration of SAM accounts and shares April 3, 2008, 9:48 am
Read vs Write/Read Access Rights November 15, 2005, 3:52 pm
Read only NTFS not allowing Read of MS Access October 8, 2008, 11:17 am
Re: How to allow Read only access to a folder but Write access to cont January 22, 2008, 10:22 pm
How to allow Read only access to a folder but Write access to cont January 22, 2008, 8:28 pm
Tightening down shares on a network?? October 13, 2005, 2:02 pm
Monitor (read) network traffice BEFORE it's encrypted? June 22, 2005, 2:42 pm
Blank password allowed for network shares? October 3, 2008, 11:02 am
Read Only Access to ADUC July 8, 2005, 9:40 am

The site map in XML format XML site map

Contact Us | Privacy Policy