| Subject: How do I set User Right on Bypass traverse checking to 'Not Defined'? |
| Group: microsoft.public.windows.vista.security |
| Date: 8/4/2008 7:47:29 AM |
| From: trey.jonn@gmail.com |
Is it possible to set User Rights - Bypass Traverse Checking[BTC] to Not Defined? This User right is assigned by default to accounts: Everyone, Administrators, Users, Backup Operators, Local Service, Network Service When I remove all accounts assigned this User Right[BTC] using gpedit.msc, Windows Vista assigns Local Service & network Service accounts, the user right- BTC. Is it possible for a user to assign the UR, BTC to no accounts at all? Does undefining a user right mean that no accounts are privileged to use this user right? Where do I find steps to undefine this User Right? [Appendix A: Security Group Policy Settings recommends this setting as Not Defined] |
| Back |
| Subject: Re: How do I set User Right on Bypass traverse checking to 'Not Defined'? |
| Group: microsoft.public.windows.vista.security |
| Date: 8/4/2008 10:34:06 AM |
| From: "Anthony [MVP]" [Email Address Protection] |
Trey, I am not sure if I understand you correctly. Undefined in Group Policy means that AD policies in the Group Policy Management console do not override the Local Security Policy. So the Group Policy for BTC rights would be Undefined, leaving the default Local Security Policy that assigns the right to the the groups and accounts you mention. So yes, in Group Policy you can leave the right undefined. In Local Security Policy it will retain the default settings. Changing the default Local Security Policy rights for BTC could create mayhem, but perhaps you have a reason to do it? Anthony, http://www.airdesk.co.uk <trey.jonn@gmail.com> wrote in message news:c813c24f-c906-458c-b359-368cd45c0836@m73g2000hsh.googlegroups.com... > Is it possible to set User Rights - Bypass Traverse Checking[BTC] to > Not Defined? > > This User right is assigned by default to accounts: Everyone, > Administrators, Users, Backup Operators, Local Service, Network > Service > > When I remove all accounts assigned this User Right[BTC] using > gpedit.msc, Windows Vista assigns Local Service & network Service > accounts, the user right- BTC. > > Is it possible for a user to assign the UR, BTC to no accounts at all? > > Does undefining a user right mean that no accounts are privileged to > use this user right? > Where do I find steps to undefine this User Right? [Appendix A: > Security Group Policy Settings recommends this setting as Not Defined] > |
| Back |
| Subject: Re: How do I set User Right on Bypass traverse checking to 'Not |
| Group: microsoft.public.windows.vista.security |
| Date: 8/5/2008 7:26:22 AM |
| From: trey.jonn@gmail.com |
I'm learning how the assignment of Bypass traverse checking[BTC] User Right[UR] on Vista is different from other OSs like Win 2003. The warning in gpedit.msc points to http://go.microsoft.com/fwlink/?LinkId=17925. On browsing to that address, I get re-directed to http://support.microsoft.com/kb/823659 This article says that assigning BTC to no accounts is a risky configuration, but the article applies to OSs other than Vista [it seems logical that it also applies to Vista]. There is no change in working of BTC user right for Vista that i can locate. Why is Vista not included under OSs in 'Applies to' section? Is there any site specific for User Rights working on Vista? I want my Vista system to be secure to the greatest extent while being connected to a domain. Why does Vista assign the accounts: Local Service & Network Service, the BTC UR, when I set the User right in gpedit.msc so that no accounts are assigned the BTC UR? |
| Back |