Security Basics mailing list archives
Re: Threat vector of running a service using a domain account
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Wed, 12 Sep 2007 13:01:29 -0700
Are the users admins on their own machines? If so, a login script to add permissions for another group (LocalServiceAccounts, perhaps?) would work. Otherwise, a policy to add the AD group to the local Administrators group would probably work well. On 9/12/07, Ali, Saqib <docbook.xml () gmail com> wrote:
I can't reveal the name of the application, but it is 3rd party non-MS application. The reasons it puts itself in the Domain Admin group is that it needs administrative access to the client computers. And Domain Admin group is part of the Local Administrator group on all client computers it works out nicely. saqib http://security-basics.blogspot.com/
Current thread:
- Threat vector of running a service using a domain account Ali, Saqib (Sep 11)
- RE: Threat vector of running a service using a domain account Jesse Eaton (Sep 12)
- Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 12)
- RE: Threat vector of running a service using a domain account Jesse Eaton (Sep 12)
- Re: Threat vector of running a service using a domain account Kurt Buff (Sep 12)
- Re: Threat vector of running a service using a domain account badz (Sep 13)
- Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 12)
- RE: Threat vector of running a service using a domain account Ramsdell, Scott (Sep 12)
- Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 12)
- Re: Threat vector of running a service using a domain account gjgowey (Sep 13)
- Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 12)
- Re: Threat vector of running a service using a domain account James Fryman (Sep 13)
- <Possible follow-ups>
- Re: Threat vector of running a service using a domain account jfvanmeter (Sep 12)
- Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 12)
- Re: RE: Threat vector of running a service using a domain account levinson_k (Sep 12)
- Re: Threat vector of running a service using a domain account jfvanmeter (Sep 12)
- Re: Re: Threat vector of running a service using a domain account levinson_k (Sep 12)
(Thread continues...)
- RE: Threat vector of running a service using a domain account Jesse Eaton (Sep 12)