Windows .NET Server locks down “Everyone”

by Robert J. Shimonski
Sept. 1, 2017 0 comments TechGenix Detection & Response windows client security

One of the biggest security issues you may have seen with older versions of Windows based servers is that when you assign permissions, you may accident be assigning too much because of a design flaw with anonymous access. When you have members of the Anonymous Logon group, they were also granted access to data because when an administrator thinks of ‘anonymous’, the administrator may also think this implies non-authentication. When you think of the Everyone Group, you may imply authentication of users. By design (and flaw), anonymous users where also part of the Everyone Group. In Windows .NET Server, the “Anonymous” Logon user group is not a member of the “Everyone” group. This is a good thing, as you will find that assigning everything yourself can be a chore at times, but its safe. If you do however need to grant these rights, then you can by going to the Local Security Policy MMC be going to: