On modern Windows, the default configuration is done in such a way that if I network-login as a local user, I actually only get authenticated as a guest (more details about this behavior are explained at http://technet.microsoft.com/en-us/library/cc786449(WS.10).aspx).

When my program tries to access WMI on this kind of server via DCOM, I simply get an "Access Denied" error, presumably because a guest user isn't allowed to connect to WMI.

I'd like to differentiate this error from other kinds of access denied errors, such as a wrong password or non-existent user name, so that I can explain to the user what they need to fix the problem.

So my question is, what can I do to detect such a server? I'm thinking that if there are some COM components that can be activated by a guest, that would do --- I can try to activate such a component, and if that works, I know that my login credential was correct. But I can't think of any such concrete component.

Does anyone know such a component? Or any other ways of diagnosing this situation?

+1  A: 

No, I cannot recall that there is a DCOM server that can be accessed by a guest. Wouldn't that be unsafe? If you have time you can check all security settings of DCOM servers using dcomcnfg. Maybe there is a guest. But I don't think so.

On the other hand, you cannot see the reason behind AccessDenied on the client side because that would make the server more vulnerable. If an attacker could distinguish between different kinds of access denied errors, he probably would be able to adapt his actions accordingly. But if you have access to the server you can activate DCOM logging (see http://support.microsoft.com/?scid=kb%3Ben-us%3B892500&x=18&y=11).

As a solution, I suggest that you write up this and similar problems and how they happen in a FAQ/Readme/Webpage. People tend to search the web rather than read a message box.

ChristianWimmer
Thanks for the pointer to DCOM logging, but I'm mainly interested in diagnosing the problem as much as I can remotely. There's nothing inherently unsafe about having some DCOM components accessible even to guests. For example, an echo server can be used safely by anyone (not that there's such a DCOM component today, though).
Kohsuke Kawaguchi