Re: NT 4.0 default permissions

[@ (Igor Chudov @ home)]

Jim Laverty wrote:
> This only applies if the drive is shared.  If you go into the properties
> dialog for your NT drive.  Select the "Security" tab and select
> "Permissions".  Check off the "Replace permissions on subdirectories" option
> and change the "Everyone" permissions to whatever you feel like dealing
> with.  Also do not overuse the Auditing capabilities on "Everyone".  It can
> dramatically slow down your NT sessions.
>
> At 09:21 PM 9/25/96 +0930, Dan Shearer wrote:
> > I do not think this is a bug in the normal sense of the word, ie I think
> > that this message describes NT the way it was designed to be. Nevertheless
> > I suspect that people on this list would be glad of the information.
> >
> > If you install an NT 4.0 workstation or server, the default permissions
> > on the system partition as reported by Explorer are:
> >
> >   Everyone     Full Control (All) (All)
> >
> > This means that building a secure, restricted-use workstation is
> > difficult, and that if a server becomes compromised at the share level (eg

The full control permissions also apply to a lot of system binaries
(like the "hint" program for example). Accordingly, these programs
can be replaced by trojan horses. I have no idea why Microsoft (spit)
has decided to set such dumb permissions, but I wonder how such
configuration could be C2 certified.

        - Igor.