funsec mailing list archives

Re: Load ActiveX Controls on Vista Without Administrator Priv ileges

From: "Jerry Hill" <malaclypse2 () gmail com>
Date: Mon, 3 Jul 2006 14:06:57 -0400

On 7/3/06, Fergie <fergdawg () netzero net> wrote:

The issues is, at least from my perspective, is that the ability
for an "...administrator can go into a console and define a list
of Web sites and applications that are preapproved..." does not
seem to (at first blush) be tightly integrated to the ability to
bypass this control entirely.


I must be dense, because I still don't understand what you're saying.
If the administrator has issued you a non-admin account, I don't think
you can bypass the whitelist.  If you want to install something not on
the whitelist, you'll need an account with admin privledges to do
so[1].

Or are you saying that you'd like the domain administrator to be able
to disable the whitelist entirely?  I assume that wouldn't be a
problem, but I suppose I could be wrong.

[1] - Assuming no bugs in the implementation on Microsoft's part, of course.

--
Jerry
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: Load ActiveX Controls on Vista Without Administrator Priv ileges Fergie (Jul 03)
- Re: Load ActiveX Controls on Vista Without Administrator Priv ileges Jerry Hill (Jul 03)
- Re: Load ActiveX Controls on Vista Without Administrator Priv ileges Dude VanWinkle (Jul 03)