Re: Permissions

[Nexus <nexus06 () drxlabs com>]

That is way to much,

With that much access, users / attackers can have almost full control 
over the machine. What i would do is create a group for each type of 
program,
and  place that group in the image(if you have standard images) .

then just setup the access that program needs, with said group. this way 
ONLY users with a valid need get access to programs they are suppose to 
have.
i have a few programs like that, what i did is hunt down every registry 
key it used and apply premissions to that key in a standard image on an 
as needed basis along
with file prems. (with domian groups)

also sometimes giving the SYSTEM group more access or adding it fixs 
some issues so try that also.

trust me:

In the long run its better to have it setup correctly then to have a hay 
wired setup.


Nexus



Chris Berry wrote:

> When I originally started setting up the network at this place I tried 
> giving only the specifice permissions necessary for each program we 
> had installed. (Talking about win2k ACLs here to be specific)  After a 
> while it turned into a bit of a nightmare and I basically ended up 
> giving the DOMAIN USERS group write access to Program Files, WINNT, 
> and full control of HKEY Local Machine on Local Machine\Software  This 
> seems to work well, but I'm wondering if anyone thinks its an 
> unreasonable amount of permission, and if so, what do they do instead?
>
> Chris Berry
> compjma () hotmail com
> Systems Administrator
> JM Associates
>
> "And here in our server room you can see our Beowolf Cluster of C64's 
> that keeps our enterprise on the very cutting edge of technology."
>
> _________________________________________________________________
> MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
> http://join.msn.com/?page=features/virus