HELP! -- I Messed up...

Archived from groups: microsoft.public.windowsnt.domain

OK, I ran a security script against my NT4 DCs and have not prevented users
from accessing the NETLOGON Shares.... I have looked at the SHARE
PERMISSIONS and they look OK (DOMAIN USERS and AUTHENTICATED USERS) have
access and in the normal folder PERMISSIONS. Is this something where the
EVERYONE needs permissions? I believe this is what may have been removed but
is it really required?
 
Archived from groups: microsoft.public.windowsnt.domain

What error happens in response to a "net view \\servername"? If this fails, the
problem is probably the user right "Access this computer from the network."


This posting is provided "AS IS" with no warranties, and confers no rights


"Carl Hilton" <someone@microsoft.com> wrote in message
news:%23uv2SSxGEHA.2436@TK2MSFTNGP09.phx.gbl...
OK, I ran a security script against my NT4 DCs and have not prevented users
from accessing the NETLOGON Shares.... I have looked at the SHARE
PERMISSIONS and they look OK (DOMAIN USERS and AUTHENTICATED USERS) have
access and in the normal folder PERMISSIONS. Is this something where the
EVERYONE needs permissions? I believe this is what may have been removed but
is it really required?
 
Archived from groups: microsoft.public.windowsnt.domain

And that would be set where on an NT4 PDC?


"Greg Lirette [MS]" <gregoryl@online.microsoft.com> wrote in message
news:OaowGt0GEHA.2084@TK2MSFTNGP10.phx.gbl...
> What error happens in response to a "net view \\servername"? If this fails, the
> problem is probably the user right "Access this computer from the network."
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights
 
Archived from groups: microsoft.public.windowsnt.domain

From a problem client, try and access the \\PDC_Name\Netlogon, are you able
to access the share? Examples from the cmd line;

Net view \\PDC_Name
Net use * \\PDC_Name\Netlogon

If you are getting the error "Access this computer from the network.", you
can change this via User Manager for Domains. The setting is under the
Policies option. There will be a setting for "Access Computer from network",
verify Everyone is added to this right.


--
Darren Hook
dhook@online.microsoft.com
Microsoft PSS

Please do not send email directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.

"Carl Hilton" <someone@microsoft.com> wrote in message
news:eFpyVd8GEHA.628@TK2MSFTNGP10.phx.gbl...
> And that would be set where on an NT4 PDC?
 
Archived from groups: microsoft.public.windowsnt.domain

I did have EVERYONE added to the "Access Computer from Network" in the
UMforD. I tracked down the issue to the "...\LSA\crashonauditfail" reg
hack. Now, why this reg hack would prevent folks from accessing the NETLOGON
share is beyond me. The log/evt files were NOWHERE near being full...


Carl

"Darren Hook [MSFT]" <dhook@online.microsoft.com> wrote in message
news:u3YA5A9GEHA.2160@TK2MSFTNGP12.phx.gbl...
> From a problem client, try and access the \\PDC_Name\Netlogon, are you able
> to access the share? Examples from the cmd line;
>
> Net view \\PDC_Name
> Net use * \\PDC_Name\Netlogon
>
> If you are getting the error "Access this computer from the network.", you
> can change this via User Manager for Domains. The setting is under the
> Policies option. There will be a setting for "Access Computer from network",
> verify Everyone is added to this right.
>
>
> --
> Darren Hook
> dhook@online.microsoft.com
> Microsoft PSS
>
> Please do not send email directly to this alias. This alias is for
> newsgroup purposes only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
 
Archived from groups: microsoft.public.windowsnt.domain

Interesting, I assume that you have already changed the value to either 0
or 1 and it is now working. You may be interested to know that
CrashOnAuditFail does not just affect you when the audit log is full but
also in instances when there was an error returned when an attempt was made
to make a security audit entry. In some cases the error may not be related
to the log being full.

Interesting follow up

Thanks,
Greg Lirette


This posting is provided "AS IS" with no warranties, and confers no rights.