Educause Security Discussion mailing list archives
Re: security for Windows logoff scripts writing to log files
From: Mike Phillips <mphillips () CLARION EDU>
Date: Fri, 18 Jan 2008 09:17:31 -0500
Kevin: I am doing similar tracking in a central log file. Here is how I had to setup the log file share and folder permissions for the Authenticated Users group: Windows Share: READ, CHANGE Folder Permissions: Create Files / Write Data Create Folders / Append Data Write Attributes Write Extended Attributes Delete With these settings Authenticated Users can append to the existing log file, but cannot list the contents of the share/folder or delete files. Mike Phillips Clarion University of Pennsylvania -----Original Message----- From: Kevin Shalla [mailto:kshalla () UIC EDU] Sent: Thursday, January 17, 2008 5:57 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] security for Windows logoff scripts writing to log files I'm writing a vbscript logoff script to track time, computer, IP address, username, and other stuff for our Windows computers. Now I've got it configured so that the script (on the server) is open to everyone for reading, and the log file (again on the server) is open to writing for everyone. Before I put this into production, I would like to set it so that users can only update the log file while running the logoff script, and then can only append records at the end. Is there a way to set this up?
Current thread:
- security for Windows logoff scripts writing to log files Kevin Shalla (Jan 17)
- <Possible follow-ups>
- Re: security for Windows logoff scripts writing to log files Brad Judy (Jan 17)
- Re: security for Windows logoff scripts writing to log files Mike Phillips (Jan 18)
- Re: security for Windows logoff scripts writing to log files Themba Flowers (Jan 18)