1
My Experiment
- I set up a simple network with two computers, both on the same work group.
- I created a local user 'A' with password 'A' on Computer 1.
- And then I created an identically named local user 'A' with identical password 'A' on Computer 2.
My Observation
- What I notice is that when I'm logged in as 'A' in computer 2, I am allowed network access as 'A' in Computer 1, e.g., when browsing 'A' shared folders.
My Thoughts
- This is ironic as even though they are the identical in name, they are actually two different local users on two different computers!
- This to me can be a security hazard. What if coincidentally (or maliciously) a person has the same username and password in computer 2 and thus is incorrectly given access to Computer 1?
My Question:
- What is this sharing of username and password called?
- How do we enable/disable this sharing of identical local usernames and passwords between two computers?
I've also realized that this works during DCOM calls as well.
Crossposts: 1. @1:37, 2. @1:37, 3. @2:00, 4. @3:34
– StackzOfZtuff – 2017-04-18T08:44:32.140Are you sure that the folders are not configured to allow *everyone* access? Try creating a different account on one of the machines, that doesn't exist on the other, and browsing folders with that account. – MDMoore313 – 2013-05-03T02:14:37.103
If i try on different account it doesn't work. Similarly if I try with same UN but different Password TOO does not work – user1034912 – 2013-05-03T02:57:18.227
What you observed is a Windows feature to share network shared folders. Even though the password and username are the same, they are not the same user, the two users are 100% idependent. – Ramhound – 2013-05-03T11:17:24.153