Security Basics mailing list archives
Re: Permissions
From: Nexus <nexus06 () drxlabs com>
Date: Thu, 05 Dec 2002 09:16:51 -0800
That is way to much,With that much access, users / attackers can have almost full control over the machine. What i would do is create a group for each type of program,
and place that group in the image(if you have standard images) .then just setup the access that program needs, with said group. this way ONLY users with a valid need get access to programs they are suppose to have. i have a few programs like that, what i did is hunt down every registry key it used and apply premissions to that key in a standard image on an as needed basis along
with file prems. (with domian groups)also sometimes giving the SYSTEM group more access or adding it fixs some issues so try that also.
trust me:In the long run its better to have it setup correctly then to have a hay wired setup.
Nexus Chris Berry wrote:
When I originally started setting up the network at this place I tried giving only the specifice permissions necessary for each program we had installed. (Talking about win2k ACLs here to be specific) After a while it turned into a bit of a nightmare and I basically ended up giving the DOMAIN USERS group write access to Program Files, WINNT, and full control of HKEY Local Machine on Local Machine\Software This seems to work well, but I'm wondering if anyone thinks its an unreasonable amount of permission, and if so, what do they do instead?Chris Berry compjma () hotmail com Systems Administrator JM Associates"And here in our server room you can see our Beowolf Cluster of C64's that keeps our enterprise on the very cutting edge of technology."_________________________________________________________________MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
Current thread:
- Permissions Chris Berry (Dec 04)
- Re: Permissions Nexus (Dec 05)
- <Possible follow-ups>
- Re: Permissions Chris Berry (Dec 05)
- Re: Permissions Nexus (Dec 06)
- Re: Permissions Chris Berry (Dec 09)
- Re: Permissions Nexus (Dec 10)
- RE: Permissions Chris Berry (Dec 13)