DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  IIS

SYSTEMS AFFECTED

  Win NT 3.51, 4.0
  

PROBLEM


    Anonymous users have same access rights as Domain Users.

    Installing IIS on a PDC (typical) results in IUSR_<nodename>
    account becoming  member of  'Domain Users'.  This gives anonymous
    guests  the  access  rights  of  'Domain  Users'  group instead of
    'Guests' group.



EXPLOIT

  

SOLUTION


    Change permissions to 'Guests' group.