Security Basics mailing list archives

RE: Unwanted programs on Win2K

From: "Simon Taplin" <simont () lantic net>
Date: Tue, 4 Feb 2003 22:26:35 +0200

Hello Ahaly

As an admin working in a uni enviroment, I have seen this before.

It depends on what the admins have set up. Some accounts may be Part of the
Power Users group which gives them rights to install for that user only.
Your's might be part of the more restricted Users group. Also, some progs
let you install, and then reboot the machine, and when you log back in, ask
for the Administrator account to finish the install but if you press cancel,
still work.

NExt reason is that some apps might not need Administrator access to
install.

Last possible reason, - your fellow students have gotten hold of an
Administrator password.

Simon

Quote of the day:
Systems Administration is the kind of job that nobody notices if you're
doing it well. People only take notice of their systems when they're not
working.

-----Original Message-----
From: ahaly () softhome net [mailto:ahaly () softhome net]
Sent: 02 February 2003 01:38
To: security-basics () securityfocus com
Subject: Unwanted programs on Win2K




Hey,

This question is not from an admin but a end-user. I am doing my studies
in a big university and we have many Win2K machines in our labs and
library.

Sometimes I find applications like Yahoo and MSN Messenger installed on
these machines. I have also sometimes seen things like Kazaa. Technically
these are not supposed to be there. As in only the apps that are installed
by admins are supposed to be there and the above mentioned apps are not
part of the admin list of apps. When I try to install an application, I
get an error saying that I dont have privileges. I know I dont have
privileges but there is someone out there who has found a way to bypass
the restrictions.

Question: How can someone bypass restrictions in Win2k to install software
when he doesnt have proper privileges?
Reason for asking question: If someone can install Kazaa, someone can also
install a keyreader or something like that.
Maybe I am paranoid, but everytime I login, maybe I am telling someone -
hey, this is my passwrd.


Ahaly

---

This email has been scanned by AVG Anti-Virus
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 2003/01/27

Current thread:

Unwanted programs on Win2K ahaly (Feb 03)
- RE: Unwanted programs on Win2K Simon Taplin (Feb 05)
  - RE: Unwanted programs on Win2K Tim V - DZ (Feb 05)
- <Possible follow-ups>
- re: Unwanted programs on Win2K H C (Feb 04)
  - re: Unwanted programs on Win2K Jeremy Gaddis (Feb 06)
- RE: Unwanted programs on Win2K Gedi (Feb 04)
  - Re: Unwanted programs on Win2K Kamran Muzaffer (Feb 05)
    - Re: Unwanted programs on Win2K Pez Mohr (Feb 05)
    - RE: Unwanted programs on Win2K dave (Feb 06)
- RE: Unwanted programs on Win2K Harris Samuel W PORT (Feb 04)
  - Re: Unwanted programs on Win2K Meritt James (Feb 05)
- RE: Unwanted programs on Win2K Chris Berry (Feb 04)

(Thread continues...)