Michel
Joseph Covey wrote:
>
> To be more specific, I am using NT 4.0 Workstation at home dialing
> into the
> Internet the same as all my customers. When I open the Internet
> Service
> Manager in the Microsoft Peer Web Services, I can connect to the IIS
> on my
> NT 4.0 Server at work without it asking for any logon or password and
> then
> I can actually configure and change any settings. I seem to remember
> trying
> this at one time but it would never connect or ask for logon. I am
> concerned that anyone running NT with IIS or MS Peer Web Services can
> connect to my IIS machine and change the configuration.
>
> Where does my NT workstation get the rights or permissions to be able
> to
> connect to the NT Server IIS though a TCP/IP connection over the
> Internet?
> The Workstation is set not to logon to domain. It is a member of
> Workgroup. When I connect to the Internet it is through a terminal
> server
> with radius. Where am I logging on to the NT server?
>
> Thanks,
>
> Joe Covey
> Netsites Internet Communications
>
> ----------
> > From: Eric Fagan <mailserve@pdqnet.net>
> > To: ntisp@emerald.iea.com
> > Subject: Re: Having Security Problems with IIS
> > Date: Saturday, July 26, 1997 12:40 AM
> >
> > > From: Joseph Covey <fatcat@netsites.net>
> > > Subject: Having Security Problems with IIS
> > >
> > > Can anyone tell me why I am able to connect to my NT 4.0 Server in
> the
> > > Internet Service Manager from my NT 4.0 Workstation that is on a
> dial-up
> > > PPP account the same as the rest of my dial-up customers. If just
> anyone
> >
> > What do you mean that you're connecting to NT "in the Internet
> Service
> > Manager"? ISM is an exe that runs on the server controlling IIS
> services.
> > Are you talking about web administration? You may have the
> workstation
> set
> > to logon to the domain - the account you are using is also probably
> the
> > admin one. Using an admin account, you'll be able to access many
> system
> > resources that a regular user can't simply becaus MSIE 3.0 will
> > automatically authenticate you when you try to access them. Use
> Netscape
> > to try to access those resources - it cannot do auto-network-
> > authentication like Internet Explorer. If Netscape can see whatever
> > resource you believe is protected (without asking for a password),
> everyone
> > can. (Netscape is always a good source to use if you want to check
> if
> > certain pages are *really* protected).
> >
> > Eric
> > mailserve@pdqnet.net
> >
> > ----------------------------------------------------------
> > NTISP Mailing List listserver@emerald.iea.com
> >
>
> ----------------------------------------------------------
> NTISP Mailing List listserver@emerald.iea.com
-- Michel Thiffaultcoordonnateur, projet JURiS (http://www.juris.uqam.ca/), GRIDcharge de cours, Departement des sciences juridiques, UQAM(514) 987-3000 6656# (fax 514 987-6548)