Bugtraq mailing list archives
RE: Windows Vista Power Management & Local Security Policy
From: "Greg" <bugtraq1 () pchandyman com au>
Date: Mon, 28 Jul 2008 07:26:02 +1000
-----Original Message----- From: Abe Getchell [mailto:me () abegetchell com] Sent: Friday, 18 July 2008 12:39 PM To: bugtraq () securityfocus com Subject: Windows Vista Power Management & Local Security Policy
When the security option "Shutdown: Allow system to be shutdown without
having to log on" (in the local security policy) is set to "Disable", and
the power management setting "When I press the power button" is set to
"Shut Down", it is possible for an unauthenticated user to press the power
button at the Windows logon screen and gracefully shutdown the system. The
explanation of this security option, taken from the local security policy,
is as follows:
I came into this late but I just had to comment on the above - apologies if it already happened. Since Win ME, you have been able to push the power button to gracefully shut down the computer (note I am not talking about servers that may have been altered by people with a clue but just home computers, terminals in an office that don't have someone looking after them who knows what they are doing etc). In some cases where, for whatever reason, the computer goes crappy and loses contact with the keyboard and mouse, this has been the way to shut it down without risking data by turning the power off or hitting the reset button. Personally, I don't feel that scenario is a risk because the person is there to begin with to press the button. There comes a point where the person to blame for a security issue must be the person who hired the one pushing the button to shut the machine down. Not everyone is honest but if you hire staff you have to assume they are going to do something stupid, even if accidentally, from time to time. I would prefer someone able to shut the machine down by pushing the button. I can't see why I would have to get up and drive 90 minutes to do that to a machine that is playing up when the person reporting that problem to me is presumably standing in front of it.
Current thread:
- Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 18)
- RE: Windows Vista Power Management & Local Security Policy Jim Harrison (Jul 19)
- RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 19)
- RE: Windows Vista Power Management & Local Security Policy Thor (Hammer of God) (Jul 21)
- RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 21)
- RE: Windows Vista Power Management & Local Security Policy Jim Harrison (Jul 21)
- RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 21)
- RE: Windows Vista Power Management & Local Security Policy James C. Slora Jr. (Jul 22)
- RE: Windows Vista Power Management & Local Security Policy Jim Harrison (Jul 22)
- RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 23)
- RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 19)
- RE: Windows Vista Power Management & Local Security Policy Jim Harrison (Jul 19)
- <Possible follow-ups>
- RE: Windows Vista Power Management & Local Security Policy Good Securitypractice (Jul 23)