=?Utf-8?B?QW50ZWF1cw==?= added these comments in the current
discussion du jour ...
That is just hysterical bar-talk, with no basis in fact. Guest
or anonymous access is only dangerous if mis-applied in such a
way as to allow unpriveleged users to do things they oughtn't.
Hysterical bar talk? My good friend, I was Information Security
Manager at Chrysler for the last 5 1/2 years of my career before
retiring in early 2002, and it is neither hysterical or bar talk.
Neither am I propogating urban legends. I've seen it happen, and
I've listened in on any number of NGs with dozens of people
moaning and groaning after opening up their system to casual use.
Administrator-level access can be even more dangerous if
mis-applied, witness the number of small LANs where users have
inadvertently been made Domain Admins instead of Local Admins,
and thus have the rights to trash the entire network if they
so choose. Yet, management are most likely blissfully unaware
that just one disgruntled employee could literally as well as
figuratively put them out of business with a few dozen
keystrokes in a commandprompt.
This is precisely why I say my views are valid and sound. It
isn't that it is impossible to do this right, it is that it is
SO, again IMO, difficult for even reasonably technically
knowledgeable people to do it "right", much less someone not
personally skilled in both security and networking.
I am out-of-date and getting more out-of-date every day since I
retired, just as the problem has accelerated and is doing so
today, but the general principles are still the same. No matter
what MS may brag about, XP's security is like swiss cheese. It
seems that maybe once a week somebody will ask an easy one like
"can I protect a folder from access by others?" If I understand
the answers they get from the MVPs, no it isn't, you have to do
it via account priveliges.
There is far more functionality to XP that I understand because I
don't have a specific enough need to dig into it by at least
buying the appropriate books from MS, Que, or others to learn
about it. But, that very same complexity, especially when
involving shared volumes across a LAN, WAN, or even allowing
remote Internet access, is EXACTLY why it can be frustratingly
difficult to accomplish what you want to do and NOT inadvertantly
"mis-apply" it.
As for anonymous share access, I've made concerted efforts in
the past to get that to work, and never succeeded. Guest
access unfortunately removes the user-level security from ALL
shares, not just the one, so may not be a suitable workaround.
In a friendly a way as I know how, please reflect on this: my
Momma had a saying that said "what happens, happens for the
best". Even at the very worst/lowest times in my entire life, she
has NEVER been wrong, albeit it may take a while to see the
light. So, maybe your failure to find a way to get true anonymous
share access will ultimately be revealed to you as a God Damn
thing you didn't succeed at.
Your last comment about Guest again is PRECISELY why I said THAt
is dangerous. The main issue I have with XP's security (again, I
know no-thing about Vista) is that it severely lacks in
granularity. I mean, I either have to restrict almost everything
or I have to grant literally everything.
When I first installed an XP box for my wife to replace her aging
Win 98 SE, I tried setting her account to "limited" so that she
couldn't accidently damage it, which in turn would give ME major
headache, right? But, within a couple days, I had to turn on
admin rights because so much stuff wouldn't/couldn't work. Even
some simple things that PSP 9 tried to do were blocked, her AV
updates wouldn't run, lots of things either failed to run at all,
the app/utility itself completely failed, or whatever she was
trying to do, she couldn't.
I don't know what you call this, but I call it LESS than the best
security possible at the time of SP2, and damn near of no use at
all. One more time, I stopped bashing MS some time back, so this
isn't that. But for all its vaunted security, it regularly causes
me pain and time with my simple 2-PC network so we can share
files and she can access my cable modem. What happens is one or
the other of the 2 PCs, or both, complain that it isn't
authorized to share to the other! Each time that happens,
generally after a bunch of updates and I have to restart them
both, I discover some other minor place I forgot to put either
her account or mine as having admin rights into the right place.
I'd call this fraud and negligence, except that I don't bash. So,
I'll just leave it as "I don't think much of SP2's security."
Now, if you're still talking to me and haven't written me off as
a fool, why don't you and I collaborate so we learn from each
other. And, please know that for the AVERAGE user, and cerainly
the novice user, I stand by my comment that UNFETTERED access is
dangerous.
BTW, are you coming in here via Google Groups or something? I
hear that these entries into Usenet are where bizzare nym strings
like your ?Utf-8?B?QW50ZWF1cw==?=
<
[email protected]>
come from, rather than the usual nym/handle/username that most of
us use.
