RE: Funny Windows 2k3 Security "Feature"

["Roger A. Grimes" <roger () banneretcs com>]

Set up IIS, set to anonymous logons, with WebDAV enabled.  That will
work for sure, if your end-users don't mind the http interface.

-----Original Message-----
From: Jon Gucinski [mailto:gucinski () gmail com] 
Sent: Thursday, March 16, 2006 11:43 AM
To: kevinlh () hotmail com; security-basics () securityfocus com
Subject: Re: Funny Windows 2k3 Security "Feature"

allow anonymous logon and network access to the share.  That should take
care of it.

Granted, this is as INsecure as something gets...but hey, its your net.

On 15 Mar 2006 18:18:20 -0000, kevinlh () hotmail com <kevinlh () hotmail com>
wrote:
> I have a mobile unit of servers that are basically file storage for
wifi laptops. The people that use the systems want to push a button and
have everything work. Don't want a domain, don't want passwords, just
want a central file system that everyone can rwxd. So I fired up MMC and
added Security Analysis and Configuration... and turned on anonymous
access to shares, enabled blank passwords for non-console users, enabled
guest, etc. I set guest password blank, and theoretically i should brose
to \\unsecuredserver\sharename and not be prompted for a password right?
WRONG! No matter what combination of Local Sec Policies I set, I am
always promted for a password. I was sure there was a way around it, but
none that I have found. I ALWAYS have to type guest, and apparently this
is too difficult for some people. <shrug> Any ideas?
> ----------------------------------------------------------------------
> ----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The 
> Norwich University program offers unparalleled Infosec management 
> education and the case study affords you unmatched consulting
experience.
> Tailor your education to your own professional goals with degree 
> customizations including Emergency Management, Business Continuity 
> Planning, Computer Emergency Response Teams, and Digital
Investigations.
> http://www.msia.norwich.edu/secfocus
> ----------------------------------------------------------------------
> -----

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and
the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.


http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------