July 1st, 2003, 09:01 PM
Windows XP server service
Hello all, I just wanted to inform the AO community about a change between 2000 and XP that I thought can be a serious security matter for administrators wanting to lock-down windows boxes, or just for the security consious users. (Bear with me)
For my particular setup, I don't believe in leaving "file and print sharing" running on any computer that is a workstation. I have a linux server running that I use to store all files my home network needs with samba for windows access.
Long story short, I have discovered that the ability to change users access level (i.e. users, power users, administrators, etc) has been linked THROUGH the server service (and therefore, by default file and print sharing).
This behavior does not exist in windows 2000 (at least not as of SP3, I haven't been willing to put SP4 on yet as I have heard lots of problems with that) as I uninstalled file and print sharing and was still able to access the "member of" tab and change user rights.
Perhaps I'm just being paranoid, but nonetheless, I believe in making my machines/network as secure as possible, and I personally consider this to be unacceptable.
-Those are my principles. If you don\'t like them, I have others.