Re: Permissions

["Chris Berry" <compjma () hotmail com>]

> From: Nexus <nexus06 () drxlabs com>
> That is way to much,
> With that much access, users / attackers can have almost full control over 
> the machine.

Only if they have an authenticated user account, at which point, you're 
pretty much hosed anyways, right?

> What i would do is create a group for each type of program,
> and  place that group in the image(if you have standard images) .
> then just setup the access that program needs, with said group. this way 
> ONLY users with a valid need get access to programs they are suppose to 
> have.

Most programs run under the USERS permissions, how would you put a program 
in a group?

> i have a few programs like that, what i did is hunt down every registry key 
> it used and apply premissions to that key in a standard image on an as 
> needed basis along with file prems. (with domian groups)
> also sometimes giving the SYSTEM group more access or adding it fixs some 
> issues so try that also.

I had alot of trouble finding the necessary permissions most programs, alot 
of them assume you are admin, or running on win9x  Kept having wierd errors 
all the time, very frustrating.

> trust me, in the long run its better to have it setup correctly then >to 
> have a hay wired setup.

I totally agree with that, or I wouldn't have posted the question in the 
first place.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Live dangerously, overclock your servers."

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail