How do I set User Right on Bypass traverse checking to 'Not Defined'?

T

trey.jonn

Is it possible to set User Rights - Bypass Traverse Checking[BTC] to
Not Defined?

This User right is assigned by default to accounts: Everyone,
Administrators, Users, Backup Operators, Local Service, Network
Service

When I remove all accounts assigned this User Right[BTC] using
gpedit.msc, Windows Vista assigns Local Service & network Service
accounts, the user right- BTC.

Is it possible for a user to assign the UR, BTC to no accounts at all?

Does undefining a user right mean that no accounts are privileged to
use this user right?
Where do I find steps to undefine this User Right? [Appendix A:
Security Group Policy Settings recommends this setting as Not Defined]
 
A

Anthony [MVP]

Trey,
I am not sure if I understand you correctly.
Undefined in Group Policy means that AD policies in the Group Policy
Management console do not override the Local Security Policy. So the Group
Policy for BTC rights would be Undefined, leaving the default Local Security
Policy that assigns the right to the the groups and accounts you mention.
So yes, in Group Policy you can leave the right undefined. In Local Security
Policy it will retain the default settings.
Changing the default Local Security Policy rights for BTC could create
mayhem, but perhaps you have a reason to do it?
Anthony,
http://www.airdesk.co.uk
 
T

trey.jonn

I'm learning how the assignment of Bypass traverse checking[BTC] User
Right[UR] on Vista is different from other OSs like Win 2003.

The warning in gpedit.msc points to http://go.microsoft.com/fwlink/?LinkId=17925.
On browsing to that address, I get re-directed to http://support.microsoft.com/kb/823659

This article says that assigning BTC to no accounts is a risky
configuration, but the article applies to OSs other than Vista [it
seems logical that it also applies to Vista].
There is no change in working of BTC user right for Vista that i can
locate.
Why is Vista not included under OSs in 'Applies to' section? Is there
any site specific for User Rights working on Vista?

I want my Vista system to be secure to the greatest extent while being
connected to a domain.

Why does Vista assign the accounts: Local Service & Network Service,
the BTC UR, when I set the User right in gpedit.msc so that no
accounts are assigned the BTC UR?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Survey on Bypass Traverse Checking 1
GPO Bypass traverse checking user right 2
Bypass Traverse Checking question 1
Network access issue in Home Network 2
Workgroup network -- I want to bypass the "Enter Network Password" dialog. 6
proposed changes to UAC mechanism, RunAs, and documentation 3
how to set user account ??? 5
How to enumerate Windows user accounts? 2

Top