This is one that I have been thinking about for a while. One of my students in a server 2008 class pointed me to an article that corrected my train of thought. The question is, why is the Everyone group granted access when a share is created? Remember, I’ve been an MCSE since Windows NT4. At that time, the Everyone group included all authenticated users, and those who were on the network anonymously. I found this to be a security vulnerability so I have been advising students to remove this and use the Authenticated Users group instead for general share access for your entire domain. (Caution, it you have a trust relationship set up with another organization, they are also a member of the Authenticated Users group.) This article from Microsoft explains that the anonymous users have been removed from the Everyone group. This change happened in Windows 2003/XP.
As I'm writing this article, I'm also writing a customization for a PowerShell course I'm teaching next week in Phoenix. This customization deals with Group Policy and PowerShell. For those of you who attend my classes may already know this, but I sit their and try to ask the questions to myself that others may ask as I present the material. I finished up my customization a few hours ago and then I realized that I did not add in how to put a comment on a GPO. This is a feature that many Group Policy Administrators may not be aware of. This past summer I attended a presentation at TechEd on Group Policy. One organization in the crowd had over 5,000 Group Policies. In an environment like that, the comment section can be priceless. I always like to write in the comment section why I created the policy so I know its purpose next week after I've completed 50 other tasks and can't remember what I did 5 minutes ago. In the Group Policy module for PowerShell V3, th
Comments