Bugtraq mailing list archives
NT 4.0 default permissions
From: itudps () lux levels unisa edu au (Dan Shearer)
Date: Wed, 25 Sep 1996 21:21:41 +0930
I do not think this is a bug in the normal sense of the word, ie I think that this message describes NT the way it was designed to be. Nevertheless I suspect that people on this list would be glad of the information. If you install an NT 4.0 workstation or server, the default permissions on the system partition as reported by Explorer are: Everyone Full Control (All) (All) This means that building a secure, restricted-use workstation is difficult, and that if a server becomes compromised at the share level (eg through SMB bugs) there is no underlying file permission protection. Note that the group Everyone includes the unpassworded Guest account (which should always be regarded with great suspicion in any case.) There have been several recipes developed for tightening up the security of NT 3.51 file permissions which list what files can and cannot be restricted. It seems that similar recipes need to be developed for NT 4.0, starting from scratch. -- Dan Shearer email: Dan.Shearer () UniSA edu au Information Technology Unit Phone: +61 8 302 3479 University of South Australia Fax : +61 8 302 3385
Current thread:
- Vunerability in HP sysdiag ? John W. Jacobi (Sep 21)
- Re: Vunerability in HP sysdiag ? Shaun Lowry (Sep 25)
- Re: Vunerability in HP sysdiag ? Aggelos P. Varvitsiotis (Sep 25)
- Re: Vunerability in HP sysdiag ? Tobias Richter (Sep 25)
- NT 4.0 default permissions Dan Shearer (Sep 25)
- HP-UX SAM hole... John W. Jacobi (Sep 25)
- NT security et al *Hobbit* (Sep 25)