A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Security and Administration with Windows XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Realation between Guests and Users groups



 
 
Thread Tools Display Modes
  #1  
Old July 30th 10, 02:23 PM posted to microsoft.public.windowsxp.security_admin
Martin Plechsmid
external usenet poster
 
Posts: 3
Default Realation between Guests and Users groups

Hello,

I may have a trivial question.

The Guests group should be much more restricted then the Users group,
according to documentation. However, I tested this on my computer (WinXP
SP3) with a user that is in the Guests group but not simultaneously in the
Users group. The user seems to have the same privileges as if he were in the
Users group. (I.e. I can see and modify files, execute any programs
including internet browser etc.)

In particular, on my hard disks I never have privileges specified
explicitely for the Guests group. But the user obtains the rights that are
specified for the Users group. As if the Guests group was a member of the
Users group (but it is not).

So, what is the relation between the Guests and Users groups?

My system is WinXP Pro SP3 with default security settings (i.e. I have not
modified the privileges on disk folders nor the hierarchy in user groups).

Thank you,
Martin.


Ads
  #2  
Old July 30th 10, 02:59 PM posted to microsoft.public.windowsxp.security_admin
John John - MVP
external usenet poster
 
Posts: 780
Default Realation between Guests and Users groups



Martin Plechsmid wrote:
Hello,

I may have a trivial question.

The Guests group should be much more restricted then the Users group,
according to documentation. However, I tested this on my computer (WinXP
SP3) with a user that is in the Guests group but not simultaneously in the
Users group. The user seems to have the same privileges as if he were in the
Users group. (I.e. I can see and modify files, execute any programs
including internet browser etc.)

In particular, on my hard disks I never have privileges specified
explicitely for the Guests group. But the user obtains the rights that are
specified for the Users group. As if the Guests group was a member of the
Users group (but it is not).

So, what is the relation between the Guests and Users groups?

My system is WinXP Pro SP3 with default security settings (i.e. I have not
modified the privileges on disk folders nor the hierarchy in user groups).


When looking at your permissions keep in mind that "Everyone" includes
"Guests".

John
  #3  
Old July 30th 10, 08:36 PM posted to microsoft.public.windowsxp.security_admin
John Wunderlich
external usenet poster
 
Posts: 1,466
Default Realation between Guests and Users groups

"Martin Plechsmid" wrote in
:

The Guests group should be much more restricted then the Users
group, according to documentation.


What documentation says this?
You aren't confusing the "Guests" group with the "Guest" user, are you?

In particular, on my hard disks I never have privileges specified
explicitely for the Guests group. But the user obtains the rights
that are specified for the Users group. As if the Guests group was
a member of the Users group (but it is not).

So, what is the relation between the Guests and Users groups?


In the computer management console (Start - Run - "compmgmt.msc")
Under System Tools - Local Users and Groups - Groups

The description of the "Guests" group reads:
"Guests have the same access as members of the Users group by default,
except for the Guest account which is further restricted."

HTH,
John



  #4  
Old August 2nd 10, 09:22 AM posted to microsoft.public.windowsxp.security_admin
Martin Plechsmid
external usenet poster
 
Posts: 3
Default Realation between Guests and Users groups

No, I don't confuse Guest and Guests. And I'm aware that Everyone includes
Guests.

Look, for instance, at "C:\Windows" and choose Properties - Security -
Advanced. There you'll see permissions for Administrators, System, Owner,
Users and PowerUsers, all non-inherited. No privilege for Guests (nor
Everyone), though users in Guests group see the folder and file content
without any problem. That's what I'm talking about.
So, where the privileges for Guests come from?

Thank you,
Martin.


"John Wunderlich" píše v diskusním příspěvku
03...
"Martin Plechsmid" wrote in
:

The Guests group should be much more restricted then the Users
group, according to documentation.


What documentation says this?
You aren't confusing the "Guests" group with the "Guest" user, are you?

In particular, on my hard disks I never have privileges specified
explicitely for the Guests group. But the user obtains the rights
that are specified for the Users group. As if the Guests group was
a member of the Users group (but it is not).

So, what is the relation between the Guests and Users groups?


In the computer management console (Start - Run - "compmgmt.msc")
Under System Tools - Local Users and Groups - Groups

The description of the "Guests" group reads:
"Guests have the same access as members of the Users group by default,
except for the Guest account which is further restricted."

HTH,
John





  #5  
Old August 3rd 10, 08:03 PM posted to microsoft.public.windowsxp.security_admin
John Wunderlich
external usenet poster
 
Posts: 1,466
Default Realation between Guests and Users groups

"Martin Plechsmid" wrote in
:

Look, for instance, at "C:\Windows" and choose Properties -
Security - Advanced. There you'll see permissions for
Administrators, System, Owner, Users and PowerUsers, all
non-inherited. No privilege for Guests (nor Everyone), though
users in Guests group see the folder and file content without any
problem. That's what I'm talking about. So, where the privileges
for Guests come from?


Martin,

That makes your question much clearer.
The best answer I have found comes from the article:

"Managing Authorization and Access Control"
http://technet.microsoft.com/en-us/library/bb457115.aspx

It seems to indicate that with a couple of exceptions the "Groups" and
"Users" groups are essentially one-in-the-same:

quote
Guests

By default, members of the Guests group are denied access to the
application and system event logs. Otherwise, members of the Guests
group have the same access rights as members of the Users group. This
allows occasional or one-time users to log on to a workstation’s built-
in Guest account and be granted limited abilities. Members of the
Guests group can also shut down the system.

Note: The Guest account, which is a member of the Guests group by
default, is not an authenticated user. When logged on interactively,
the Guest account is a member of both the Guests group and the Users
group. However, when logged on over the network, the Guest account is
not a member of the Users group.

/quote

Hope this helps,
John
  #6  
Old August 5th 10, 06:59 AM posted to microsoft.public.windowsxp.security_admin
Martin Plechsmid
external usenet poster
 
Posts: 3
Default Realation between Guests and Users groups

Thank you for the link. Though still very unclear, it is a better document
than any I have found.

Martin.


"John Wunderlich" píše v diskusním příspěvku
03...
"Martin Plechsmid" wrote in
:

Look, for instance, at "C:\Windows" and choose Properties -
Security - Advanced. There you'll see permissions for
Administrators, System, Owner, Users and PowerUsers, all
non-inherited. No privilege for Guests (nor Everyone), though
users in Guests group see the folder and file content without any
problem. That's what I'm talking about. So, where the privileges
for Guests come from?


Martin,

That makes your question much clearer.
The best answer I have found comes from the article:

"Managing Authorization and Access Control"
http://technet.microsoft.com/en-us/library/bb457115.aspx

It seems to indicate that with a couple of exceptions the "Groups" and
"Users" groups are essentially one-in-the-same:

quote
Guests

By default, members of the Guests group are denied access to the
application and system event logs. Otherwise, members of the Guests
group have the same access rights as members of the Users group. This
allows occasional or one-time users to log on to a workstation’s built-
in Guest account and be granted limited abilities. Members of the
Guests group can also shut down the system.

Note: The Guest account, which is a member of the Guests group by
default, is not an authenticated user. When logged on interactively,
the Guest account is a member of both the Guests group and the Users
group. However, when logged on over the network, the Guest account is
not a member of the Users group.

/quote

Hope this helps,
John



 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 02:32 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright Š2004-2024 PCbanter.
The comments are property of their posters.