Security Basics mailing list archives
Re: Permissions
From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 05 Dec 2002 11:17:16 -0800
From: Nexus <nexus06 () drxlabs com> That is way to much,With that much access, users / attackers can have almost full control over the machine.
Only if they have an authenticated user account, at which point, you're pretty much hosed anyways, right?
What i would do is create a group for each type of program, and place that group in the image(if you have standard images) .then just setup the access that program needs, with said group. this way ONLY users with a valid need get access to programs they are suppose to have.
Most programs run under the USERS permissions, how would you put a program in a group?
i have a few programs like that, what i did is hunt down every registry key it used and apply premissions to that key in a standard image on an as needed basis along with file prems. (with domian groups) also sometimes giving the SYSTEM group more access or adding it fixs some issues so try that also.
I had alot of trouble finding the necessary permissions most programs, alot of them assume you are admin, or running on win9x Kept having wierd errors all the time, very frustrating.
trust me, in the long run its better to have it setup correctly then >to have a hay wired setup.
I totally agree with that, or I wouldn't have posted the question in the first place.
Chris Berry compjma () hotmail com Systems Administrator JM Associates "Live dangerously, overclock your servers." _________________________________________________________________Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
Current thread:
- Permissions Chris Berry (Dec 04)
- Re: Permissions Nexus (Dec 05)
- <Possible follow-ups>
- Re: Permissions Chris Berry (Dec 05)
- Re: Permissions Nexus (Dec 06)
- Re: Permissions Chris Berry (Dec 09)
- Re: Permissions Nexus (Dec 10)
- RE: Permissions Chris Berry (Dec 13)