The local system account has null credentials and therefore has no implicit
access to network resources.
Remote resources deny access to null sessions unless explicitly granted
access.
Network resources may be accessed by services running under the local
system account
by adding the following registry entry to permit null session access to a
particular share:
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares\ShareName
where ShareName is REG_SZ value which specifing the name of the share.
Blanket null session access to ANY remote resource (shares, pipes, etc.)
may be granted by assigning the following REG_DWORD
registry value 0:
HKLM\SYSTEM\CurrentControlSet\Service\LanmanServer\Parameters\RestrictNullSessionAccess
Note that the above is a huge security hole and is not recommended.
Hope this helps ....
Pete Tanenhaus
Tivoli Storage Solutions Software Development
email: tanenhau AT us.ibm DOT com
tieline: 855.7620, external: 607.755.7620
"Those who refuse to challenge authority are condemned to conform to it"
---------------------- Forwarded by Pete Tanenhaus/San Jose/IBM on
03/05/2001 05:40 PM ---------------------------
03/05/2001 05:40 PM ---------------------------
John Monahan <JohnMonahan AT LIBERTYDIVERSIFIED DOT COM>@VM.MARIST.EDU> on
03/05/2001 03:55:20 PM
Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: Backing up NT-shares trough an Win2k-Server
If you are trying to back up these shares through a schedule, then you
must change the ADSM Scheduler service to use an account with
administrative rights to those shares. The system account is used by
default, and it does not have rights to any remote computers or shares.
===========================================
John Monahan
Network Team Coordinator
Liberty Diversified Industries
(763) 536-6677
===========================================
Christian Huber <huberc AT FS.TUM DOT DE>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
03/05/01 01:59 PM
Please respond to "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Backing up NT-shares trough an Win2k-Server
Hi there,
I am new to this list, so I hope this is the rigth place for my request.
I got some trouble configuring my ADSM-Client properly and hope you can
give me some assistance. I got a Windows 2000 Server on which I mounted
some shares from my old NT-fileserver. This files can be accesed by the
Windows-explorer, so the networkpermissions seem to be set correctly. But
my ADSM-Client cannot backup them. First it complained about an error
occuring while trying to access NTFS security information. Using the
"skipntsecuritycrc"-option did not help, so I tried the
"skipntpermissions"-option. This resulted in the ADSM-Client being able to
access the volume, but now it complains about the access to the objects
being denied, but not by all of them, although there is now visible
difference in the file properties. This confuses me, because the
ADSM-Client runs as an Administratorprocess and all files in the volume
are
readable and accessable by the Administrator. I am sure it's just a silly
thing, but I don't get. Could you please give me some advice?
Sincerely,
Christian Huber
|
