Logon Scripts May Not Be Protected When They Are Stored on a Custom Shared Folder (812540)
The information in this article applies to:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows Server 2003, 64-Bit Enterprise Edition
- Microsoft Windows Server 2003, 64-Bit Datacenter Edition
- Microsoft Windows Small Business Server 2003, Standard Edition
- Microsoft Windows Small Business Server 2003, Premium Edition
SYMPTOMSBy default, Windows stores logon scripts in a secured location. Network administrators can change the default storage location of
logon scripts by storing them on a shared folder on any server. By doing so,
network administrators can have greater control over the location of the logon
scripts and the user permissions that are assigned to the shared
folder.MORE INFORMATIONBy using a customized share, network administrators may
potentially compromise security. If a network administrator configures the
permissions on the customized share so that users are permitted to modify,
delete, or replace script files, a virus may potentially be permitted to infect
the logon scripts.
Group policy was designed to allow network
administrators to use any server share to store script files. However, it is
the responsibility of the network administrator to make sure that the
appropriate security is established on network shares.
| Modification Type: | Major | Last Reviewed: | 3/1/2004 |
|---|
| Keywords: | kbinfo kbnofix kbBug KB812540 |
|---|
|