[ I've just asked abut that, here, but now seems a simpler things, so i
retry... ]
This seems NON a samba touble, but a different behaviour in M$
client OS. But, really, i've not clue how to find an answer...
Suppose to have a Win7 and a Win10 machine, both NOT joined to a
domain. Suppose to have a share, with guest access enabled, where only
readonly access are needed.
Suppose also to spawn a SYSTEM shell (psexec -d -s -i cmd).
What we note is that:
a) win7 client NOT joined to the domain access the share as SYSTEM in
guest mode.
b) win7 client joined to the domain access the share as SYSTEM in
guest mode (supposed).
c) win10 client NOT joined to the domain FAIL to access the share as
SYSTEM (normal user can access the share).
d) win10 client joined to the domain access the share as SYSTEM using
the machine account (verified).
This happen seems at the same way in ''NT like'' and
''AD'' domains.
The trouble come from the fact that 'access' is run some setup scripts,
and without doing registry setup we cannot join the Win10 box to the NT
domain. Yes, we have a bootstrap problem. ;-)
Someone can point me to some documentaztion, to make Win10 behave like
win7, or at least try to?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
http://www.lanostrafamiglia.it/
Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On 28/08/2019 17:14, Marco Gaiarin via samba wrote:> [ I've just asked abut that, here, but now seems a simpler things, so i > retry... ] > > This seems NON a samba touble, but a different behaviour in M$ > client OS. But, really, i've not clue how to find an answer... > > Suppose to have a Win7 and a Win10 machine, both NOT joined to a > domain. Suppose to have a share, with guest access enabled, where only > readonly access are needed. > > Suppose also to spawn a SYSTEM shell (psexec -d -s -i cmd). > > > What we note is that: > > a) win7 client NOT joined to the domain access the share as SYSTEM in > guest mode. > > b) win7 client joined to the domain access the share as SYSTEM in > guest mode (supposed). > > c) win10 client NOT joined to the domain FAIL to access the share as > SYSTEM (normal user can access the share). > > d) win10 client joined to the domain access the share as SYSTEM using > the machine account (verified). > > This happen seems at the same way in ''NT like'' and ''AD'' domains. > > > The trouble come from the fact that 'access' is run some setup scripts, > and without doing registry setup we cannot join the Win10 box to the NT > domain. Yes, we have a bootstrap problem. ;-) > > > Someone can point me to some documentaztion, to make Win10 behave like > win7, or at least try to? > > Thanks. >Are you trying to connect to a Samba share, if so, post your smb.conf from the Samba machine. Are you also aware that continuing to use an NT domain isn't a good idea ? Are you also aware the the Guest user is turned off on Windows 10 by default ? Rowland
Hi Marco,
the fact that win 10 fails where access from win 7 succeeds makes me wonder
whether it is because of tightened security of windows 10, in particular I
suspect disabled smb 1. Thus you should probably not try to make windows 10
succeed the same way but look at your security issue. Lowering the security
might actually open an attack vector in your provisioning process.
Best Regards, Joachim
-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Marco Gaiarin
via samba
Gesendet: Wednesday, 28 August 2019 18:15
An: samba at lists.samba.org
Betreff: [Samba] [OT?] W10, SYSTEM, guest access.
[ I've just asked abut that, here, but now seems a simpler things, so i
retry... ]
This seems NON a samba touble, but a different behaviour in M$ client OS. But,
really, i've not clue how to find an answer...
Suppose to have a Win7 and a Win10 machine, both NOT joined to a domain. Suppose
to have a share, with guest access enabled, where only readonly access are
needed.
Suppose also to spawn a SYSTEM shell (psexec -d -s -i cmd).
What we note is that:
a) win7 client NOT joined to the domain access the share as SYSTEM in guest
mode.
b) win7 client joined to the domain access the share as SYSTEM in guest mode
(supposed).
c) win10 client NOT joined to the domain FAIL to access the share as SYSTEM
(normal user can access the share).
d) win10 client joined to the domain access the share as SYSTEM using the
machine account (verified).
This happen seems at the same way in ''NT like'' and
''AD'' domains.
The trouble come from the fact that 'access' is run some setup scripts,
and without doing registry setup we cannot join the Win10 box to the NT domain.
Yes, we have a bootstrap problem. ;-)
Someone can point me to some documentaztion, to make Win10 behave like win7, or
at least try to?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
http://www.lanostrafamiglia.it/
Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Mandi! Joachim Lindenberg via samba In chel di` si favelave...> the fact that win 10 fails where access from win 7 succeeds makes me wonder whether it is because of tightened security of windows 10, in particular I suspect disabled smb 1.At least for SMB1, we have tried with SMB1 enabled or disabled, same behaviour. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Mandi! Rowland penny via samba In chel di` si favelave...> Are you also aware the the Guest user is turned off on Windows 10 by default?Aware yes, but i supposed was related to guest access TO the client, not guest access OF the client to server share... But, i'll give it a try. Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)