Security across domain/workgroup

Status
Not open for further replies.

bwoodley

IS-IT--Management
Apr 2, 2003
20
US
OK, I'll admit I'm a novice, but I'm somewhat confused... I set up a Win 2k PDC and made a few accounts. All the accounts are only in the group Domain Users. Now I joined a Win2k Pro PC to the domain and log in as a basic user... I can then UNC to the PDC like so: \\pdc\c$. I get in just fine and am able to delete things off the server's C drive! This should not be happening!!! But another thing that irks me is that I have an XP Pro box that isn't in the domain, and it can move up from its workgroup and access the domain and access the same c$ and also delete things from the PDC... and it's not even in the domain... The Win 2k server has just been loaded to defaults, and all I did was add a few users into a new OU. Maybe I'm missing something, but this domain basically has NO security...

WTF?
 
On the server, right-click My Computer > Manage > Shared Folders > Shares. Double-check that you have only 1 c$ shared and that it is the default share (only domain administrator access is granted). You do not have to create a C share otherwise. My guess is your problem lies in the server share permissions for shares you have created. You can also right-click each share and tell it to stop sharing. By default, everyone is given full NTFS permissions to the C drive; it is the share permissions that stop the access here.
 
By default, these shares can only be accessed by users that belong to the Domain Admin group. I have tested this on my network and I have found that ordinary users are asked for a password if they try to connect to these shares. You can also read the link below for other solutions towards blocking these shares. Hope this helps.

 
I believe that if the PC is not part of the domain (or you are logging on locally) and the user name and password are the same as the user name and password on the domain for the admin equivalent, then you can just log on. Or maybe it's the other way around.

Beyond identical names/passwords, you might look at the shares... especially if this AD domain is a 'mixed' one. In Mixed Mode many directories allow 'null' connections to allow W9x and older NT connections... for programs that ran on those platforms, etc. One thing I recall doing a couple of years ago here was removing the 'Everyone' group from our data file folder structure and creating a specific company-related group... and using that instead. I had found that in mixed mode visitors had access to files I did not intend for them to have... this resolved that.


Paul
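
The share checks suggested in the replies above (confirm that c$ is only the default administrative share, and look for shares that grant access to broad groups such as Everyone) can be scripted. This is an added example, not part of any post in the thread. It assumes a current Windows server with the SmbShare module (Windows 8 / Server 2012 or later, so not the Windows 2000 machine in the question), and the list of "broad" principals is an assumption to adjust locally.

```powershell
# Added example (not from the thread). Requires the SmbShare module,
# i.e. Windows 8 / Server 2012 or later; run elevated on the file server.

# Principals treated as "broad" here; this list is an assumption, tune it locally.
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ANONYMOUS LOGON',
    'BUILTIN\Users'
)

function Get-ShareFinding {
    foreach ($share in Get-SmbShare) {
        # Default administrative shares (C$, ADMIN$, IPC$) are flagged Special.
        if ($share.Special) { continue }

        # A user-created share whose path is a drive root exposes the whole volume.
        if ($share.Path -match '^[A-Za-z]:\\?$') {
            [pscustomobject]@{
                Share   = $share.Name; Path = $share.Path
                Account = $null;       Right = $null
                Finding = 'Manually created share of a drive root'
            }
        }

        # Share-level ACL: report broad groups that can modify or delete files.
        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            $isBroad  = ($BroadPrincipals -contains $ace.AccountName) -or
                        ($ace.AccountName -like '*\Domain Users')
            $canWrite = "$($ace.AccessRight)" -in 'Full', 'Change'
            if ("$($ace.AccessControlType)" -eq 'Allow' -and $isBroad -and $canWrite) {
                [pscustomobject]@{
                    Share   = $share.Name;      Path  = $share.Path
                    Account = $ace.AccountName; Right = "$($ace.AccessRight)"
                    Finding = 'Broad group has write access at share level'
                }
            }
        }
    }
}

Get-ShareFinding | Format-Table -AutoSize
```

An empty result means no user-created share maps a drive root and no listed broad group has Change or Full rights at the share level; NTFS permissions on the folders still need a separate review.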