TIP: Click on subject to list as thread! ANSI
echo: win32
to: CHRIS HOLTEN
from: FRANK RAMSEY
date: 1998-03-01 19:59:00
subject: Administrative shares
Chris Holten wrote in a message to Frank Ramsey:
 FR> Chris Holten wrote in a message to Steve Quarrella:
CH> administrative shares. You don't have to be a part of a
CH> domain to have access to domain resources.
 FR> If the domain guest account is disabled (the default), 
 FR> you must be part of the domain to access domain 
 FR> resources.
CH> Hmm..I never noticed that. However I can log on remotely to
CH> a different domain than what I am in using an administrator
CH> account for that domain and have domain privals. If there is
CH> no guest account, then I can't do that? 
If the domain A trusts domain B and you're part of domain B, the admins of 
domain A can grant you privs to domain A resources. The default privs for a 
trusted domain to a trusting domain are access to domain resources would not 
be available to workstations not part of the domain by default. There was not 
a suggestion that the workstation belonged to a domain; quite the contrary, 
the workstation would be kept out of domains to protect the security of admin 
shares. I jumped in to point out your answer was correct, but to work as 
described would require the guest account in the domain to be changed from 
the default.
If there are no trust relationships between domains and the guest account is 
disabled, attempts to access domain resources will result in access denied.
I seem to recall the issue was how disable the admin shares. You responded a 
choice would be to keep the workstation out of the domain and therefore 
keeping the admin shares unavailable to domain admin. 100% true. If a 
workstation is not part of the domain, only accounts defined in the 
workstation SAM has access to workstation resources. Because it's not part of 
the domain, domain admins are not part of the workstation SAM.
I believe you then suggested the workstation does not have to be part of the 
domain to access domain resources. Because the guest account is disabled by 
default, by default the workstation will not be able to access domain 
resources. To access domain resources, the guest account in the domain must 
be enabled. Or the workstation be made part of the domain, which means the 
admin shares on the workstation are available to domain admins.
Frank  PE, CNE, MCSE, MCP+I, MCP
 framsey@goodyear.com, frank.ramsey@fallsbbs.com
---
---------------
* Origin: A Point on Pine Lake, Uniontown, Ohio (1:157/110.70)
SOURCE: echomail via exec-pc

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.