Microsoft KB Archive/812540

= Logon Scripts May Not Be Protected When They Are Stored on a Custom Shared Folder =

Article ID: 812540

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition

-



SYMPTOMS
By default, Windows stores logon scripts in a secured location. Network administrators can change the default storage location of logon scripts by storing them on a shared folder on any server. By doing so, network administrators can have greater control over the location of the logon scripts and the user permissions that are assigned to the shared folder.



MORE INFORMATION
By using a customized share, network administrators may potentially compromise security. If a network administrator configures the permissions on the customized share so that users are permitted to modify, delete, or replace script files, a virus may potentially be permitted to infect the logon scripts.

Group policy was designed to allow network administrators to use any server share to store script files. However, it is the responsibility of the network administrator to make sure that the appropriate security is established on network shares.

Keywords: kbinfo kbnofix kbbug KB812540

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.