[Samba] [OT?] W10, SYSTEM, guest access.

Joachim Lindenberg samba at lindenberg.one
Wed Aug 28 17:29:01 UTC 2019 

Hi Marco,
the fact that win 10 fails where access from win 7 succeeds makes me wonder whether it is because of tightened security of windows 10, in particular I suspect disabled smb 1. Thus you should probably not try to make windows 10 succeed the same way but look at your security issue. Lowering the security might actually open an attack vector in your provisioning process.
Best Regards, Joachim

-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Marco Gaiarin via samba
Gesendet: Wednesday, 28 August 2019 18:15
An: samba at lists.samba.org
Betreff: [Samba] [OT?] W10, SYSTEM, guest access.


[ I've just asked abut that, here, but now seems a simpler things, so i
  retry... ]

This seems NON a samba touble, but a different behaviour in M$ client OS. But, really, i've not clue how to find an answer...

Suppose to have a Win7 and a Win10 machine, both NOT joined to a domain. Suppose to have a share, with guest access enabled, where only readonly access are needed.

Suppose also to spawn a SYSTEM shell (psexec -d -s -i cmd).


What we note is that:

a) win7 client NOT joined to the domain access the share as SYSTEM in  guest mode.

b) win7 client joined to the domain access the share as SYSTEM in  guest mode (supposed).

c) win10 client NOT joined to the domain FAIL to access the share as  SYSTEM (normal user can access the share).

d) win10 client joined to the domain access the share as SYSTEM using  the machine account (verified).

This happen seems at the same way in ''NT like'' and ''AD'' domains.


The trouble come from the fact that 'access' is run some setup scripts, and without doing registry setup we cannot join the Win10 box to the NT domain. Yes, we have a bootstrap problem. ;-)


Someone can point me to some documentaztion, to make Win10 behave like win7, or at least try to?

Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list