For Windows NT and Windows 2000 servers, anonymous access, also called NULL sessions, could by default be used to access network resources. File system shares, called NULL session shares, could be configured to accept NULL sessions. This has always been the preferred way for software delivery (SD) agents, running in the LocalSystem account, to access the Software Package Library (SDLIBRARY$ share) on the scalability server.
With the Windows Server 2003, Microsoft raises the security level compared to previous versions of the server operating system. By default, anonymous access and NULL session shares are disabled. The need for anonymous access has been eliminated for computers that belong to the domain by making machine domain accounts true security principals in the Windows security system. In Windows 2000 domains, and later in Windows Server 2003 domains, access rights may be granted to machine accounts as well as user accounts.
On Windows Server 2003, NULL session shares are not used to provide these agents access to the Software Package Library. Instead, SD relies that agents are granted access to the library through their machine domain accounts. This approach, even though more secure and in line with Microsoft's recommendations, does not offer a complete solution for all supported SD agent operating environments.
Please read the article 278259 in Microsoft's Support Knowledge Base about the evolution of anonymous access on Windows operating environments.
|
Copyright © 2013 CA.
All rights reserved.
|
|