On Windows, who is in the "Everyone" and "Authenticated Users" groups?
My application uses a Named Pipe to do IPC. What access control should I place on it, to provide broad local-only access?
The pipe is created by the .NET 2.0 remoting protocol, and it already has an ACL for the 'NETWORK' group to deny all access, so I think only local users can access it. In my remoting configuration file I need to pick an 'authorizedGroup' who can access this pipe.
I would like any process running on the local machine to access my named pipe.
I would appear to need to select between access for the 'Everyone' Group or the 'Authenticated Users' group. Given the local-only access, what processes might be running under the 'Everyone' group that are not in the 'Authenticated Users' group?
I'm interested in answers for Windows XP and above.
Comments (1)
"Everyone" is a collective group for "Authenticated Users" and "Guest". Note that for Win 2000 and earlier, it included "Anonymous" too, where no checks are made.
"Authenticated Users" is a user who has logged into AD and has a login token.
My text is a paraphrasing of Windows Server 2003 "Security identifiers".
Edit, "Network" from the link:
To be honest, I've never thought about this one much... sorry.
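To see which of these well-known SIDs a given local process actually carries before choosing an `authorizedGroup`, the following added example (not code from the question or the answer) inspects the token of the account it runs under. The function name `Get-WellKnownGroupMembership` is hypothetical; the SID types are the standard .NET `WellKnownSidType` values.

```powershell
# Added example: report which well-known SIDs are present in a process token.
# Run it under each account of interest (interactive user, service account,
# scheduled task) and compare the results.
function Get-WellKnownGroupMembership {
    param(
        [System.Security.Principal.WindowsIdentity]$Identity =
            [System.Security.Principal.WindowsIdentity]::GetCurrent()
    )

    # SID strings held by the token: the user SID plus every enabled group SID.
    $held = @($Identity.User.Value)
    $held += @($Identity.Groups | ForEach-Object { $_.Value })

    # Well-known SIDs relevant to a local-only named pipe ACL.
    $types = 'WorldSid',             # Everyone            S-1-1-0
             'AuthenticatedUserSid', # Authenticated Users S-1-5-11
             'NetworkSid',           # NETWORK             S-1-5-2
             'InteractiveSid',       # INTERACTIVE         S-1-5-4
             'AnonymousSid',         # ANONYMOUS LOGON     S-1-5-7
             'BuiltinGuestsSid'      # BUILTIN\Guests      S-1-5-32-546

    foreach ($t in $types) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier(
            [System.Security.Principal.WellKnownSidType]$t, $null)
        New-Object PSObject -Property @{
            WellKnownType = $t
            Sid           = $sid.Value
            InToken       = ($held -contains $sid.Value)
        }
    }
}

Get-WellKnownGroupMembership |
    Select-Object WellKnownType, Sid, InToken |
    Format-Table -AutoSize
```

A token that shows `WorldSid` but not `AuthenticatedUserSid` is one that an "Everyone" grant would admit and an "Authenticated Users" grant would not.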