|
|
Realation between Guests and Users groups
Hello,
I may have a trivial question. The Guests group should be much more restricted then the Users group, according to documentation. However, I tested this on my computer (WinXP SP3) with a user that is in the Guests group but not simultaneously in the Users group. The user seems to have the same privileges as if he were in the Users group. (I.e. I can see and modify files, execute any programs including internet browser etc.) In particular, on my hard disks I never have privileges specified explicitely for the Guests group. But the user obtains the rights that are specified for the Users group. As if the Guests group was a member of the Users group (but it is not). So, what is the relation between the Guests and Users groups? My system is WinXP Pro SP3 with default security settings (i.e. I have not modified the privileges on disk folders nor the hierarchy in user groups). Thank you, Martin. |
Realation between Guests and Users groups
Martin Plechsmid wrote: Hello, I may have a trivial question. The Guests group should be much more restricted then the Users group, according to documentation. However, I tested this on my computer (WinXP SP3) with a user that is in the Guests group but not simultaneously in the Users group. The user seems to have the same privileges as if he were in the Users group. (I.e. I can see and modify files, execute any programs including internet browser etc.) In particular, on my hard disks I never have privileges specified explicitely for the Guests group. But the user obtains the rights that are specified for the Users group. As if the Guests group was a member of the Users group (but it is not). So, what is the relation between the Guests and Users groups? My system is WinXP Pro SP3 with default security settings (i.e. I have not modified the privileges on disk folders nor the hierarchy in user groups). When looking at your permissions keep in mind that "Everyone" includes "Guests". John |
Realation between Guests and Users groups
"Martin Plechsmid" wrote in
: The Guests group should be much more restricted then the Users group, according to documentation. What documentation says this? You aren't confusing the "Guests" group with the "Guest" user, are you? In particular, on my hard disks I never have privileges specified explicitely for the Guests group. But the user obtains the rights that are specified for the Users group. As if the Guests group was a member of the Users group (but it is not). So, what is the relation between the Guests and Users groups? In the computer management console (Start - Run - "compmgmt.msc") Under System Tools - Local Users and Groups - Groups The description of the "Guests" group reads: "Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted." HTH, John |
Realation between Guests and Users groups
No, I don't confuse Guest and Guests. And I'm aware that Everyone includes
Guests. Look, for instance, at "C:\Windows" and choose Properties - Security - Advanced. There you'll see permissions for Administrators, System, Owner, Users and PowerUsers, all non-inherited. No privilege for Guests (nor Everyone), though users in Guests group see the folder and file content without any problem. That's what I'm talking about. So, where the privileges for Guests come from? Thank you, Martin. "John Wunderlich" píše v diskusním příspěvku 03... "Martin Plechsmid" wrote in : The Guests group should be much more restricted then the Users group, according to documentation. What documentation says this? You aren't confusing the "Guests" group with the "Guest" user, are you? In particular, on my hard disks I never have privileges specified explicitely for the Guests group. But the user obtains the rights that are specified for the Users group. As if the Guests group was a member of the Users group (but it is not). So, what is the relation between the Guests and Users groups? In the computer management console (Start - Run - "compmgmt.msc") Under System Tools - Local Users and Groups - Groups The description of the "Guests" group reads: "Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted." HTH, John |
Realation between Guests and Users groups
"Martin Plechsmid" wrote in
: Look, for instance, at "C:\Windows" and choose Properties - Security - Advanced. There you'll see permissions for Administrators, System, Owner, Users and PowerUsers, all non-inherited. No privilege for Guests (nor Everyone), though users in Guests group see the folder and file content without any problem. That's what I'm talking about. So, where the privileges for Guests come from? Martin, That makes your question much clearer. The best answer I have found comes from the article: "Managing Authorization and Access Control" http://technet.microsoft.com/en-us/library/bb457115.aspx It seems to indicate that with a couple of exceptions the "Groups" and "Users" groups are essentially one-in-the-same: quote Guests By default, members of the Guests group are denied access to the application and system event logs. Otherwise, members of the Guests group have the same access rights as members of the Users group. This allows occasional or one-time users to log on to a workstations built- in Guest account and be granted limited abilities. Members of the Guests group can also shut down the system. Note: The Guest account, which is a member of the Guests group by default, is not an authenticated user. When logged on interactively, the Guest account is a member of both the Guests group and the Users group. However, when logged on over the network, the Guest account is not a member of the Users group. /quote Hope this helps, John |
Realation between Guests and Users groups
Thank you for the link. Though still very unclear, it is a better document
than any I have found. Martin. "John Wunderlich" píše v diskusním příspěvku 03... "Martin Plechsmid" wrote in : Look, for instance, at "C:\Windows" and choose Properties - Security - Advanced. There you'll see permissions for Administrators, System, Owner, Users and PowerUsers, all non-inherited. No privilege for Guests (nor Everyone), though users in Guests group see the folder and file content without any problem. That's what I'm talking about. So, where the privileges for Guests come from? Martin, That makes your question much clearer. The best answer I have found comes from the article: "Managing Authorization and Access Control" http://technet.microsoft.com/en-us/library/bb457115.aspx It seems to indicate that with a couple of exceptions the "Groups" and "Users" groups are essentially one-in-the-same: quote Guests By default, members of the Guests group are denied access to the application and system event logs. Otherwise, members of the Guests group have the same access rights as members of the Users group. This allows occasional or one-time users to log on to a workstations built- in Guest account and be granted limited abilities. Members of the Guests group can also shut down the system. Note: The Guest account, which is a member of the Guests group by default, is not an authenticated user. When logged on interactively, the Guest account is a member of both the Guests group and the Users group. However, when logged on over the network, the Guest account is not a member of the Users group. /quote Hope this helps, John |
| All times are GMT +1. The time now is 02:38 AM. |
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters