Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Permissions

From: "Chris Berry" <compjma () hotmail com>
Date: Fri, 06 Dec 2002 15:51:37 -0800
From: Nexus <nexus06 () drxlabs com>
goto sysinternals.com there are lots of good tools there that when run before you run an app will tell you what it is accessing, including reg keys dll , etc...
Hmm, I might try that. I wonder if its worth it though, I'm pretty paranoid when it comes to security, but this just sounds like an administrative nightmare. What is it that you think a user could do with the permissions I mentioned that they couldn't with the ones you're suggesting? I mean you're going to have to give them some write permissions in order for some of your apps to work, and then all they have to do to install software is direct it to one of those directories.
another group you can utizile is authencated users, this group will make sure a user is 'authencated' 
this group is in leiu of the 'everyone' group.
I pretty much never use the everyone group except where it is already installed. I tried setting up one machine where I removed the everyone group and gave explicit permissions instead, but win2k choked on that big time, revealing the fact that many M$ process depend on the base permissions in order to function. (bad coding practice if you ask me) 

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Live dangerously, overclock your servers."

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
Previous By Date Next
Previous By Thread Next

Current thread: