Re: SECURITY.NNOV: Windows 2000 system partition weak default permissions

From: Dan Harp (dan-o@SPUTNIK.ORG)
Date: 08/06/02


Date:         Mon, 5 Aug 2002 21:09:42 -0400
From: Dan Harp <dan-o@SPUTNIK.ORG>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Greetings,

The only decent MSKB I could find to lock down the system drive
(C$ w\winnt), was the following:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q271071

Which on a fresh install of 2K, IIS5, and all patches, breaks
ASP with the following:

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 08/07/2002
Time: 5:43:28 PM
User: Server\IWAM_Server
Computer: Server
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\WINNT\SYSTEM32\DLLHOST.EXE
New Handle ID: -
Operation ID: {0,83610}
Process ID: 472
Primary User Name: Server$
Primary Domain: NETONE
Primary Logon ID: (0x0,0x3E7)
Client User Name: IWAM_Server
Client Domain: Server
Client Logon ID: (0x0,0x1467E)
Accesses ReadAttributes

Privileges -

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 08/07/2002
Time: 5:43:28 PM
User: Server\IWAM_Server
Computer: server
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\WINNT\TEMP
New Handle ID: -
Operation ID: {0,83602}
Process ID: 472
Primary User Name: Server$
Primary Domain: NETONE
Primary Logon ID: (0x0,0x3E7)
Client User Name: IWAM_Server
Client Domain: Server
Client Logon ID: (0x0,0x1467E)
Accesses ReadAttributes

Privileges -

So I went as far as giving IWAM almost full control to the temp
folder and RX to dllhost.exe, on top of the instructions above.

Does anyone have a solid C$: (Sys drive) file system permissions
guideline for a Win2k Web Server utilizing some ASP and database
domains/webs? No one seems to have a workable solution, besides
leaving the default -- no thanks!

Thank you,

--Dan
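
Added example, not part of the original post: a small Python parser for Event ID 560 failure audits in the text layout quoted above, which lists per account and object the access rights that were refused. The sample input is constructed from the fields shown in the post, the function names are hypothetical, and it assumes the one-line "Accesses" field seen there.

```python
import re
from collections import defaultdict

# Constructed sample in the post's event layout; the Success Audit event is invented.
SAMPLE = r"""Event Type: Failure Audit
Event ID: 560
Object Name: C:\WINNT\SYSTEM32\DLLHOST.EXE
Client User Name: IWAM_Server
Client Domain: Server
Accesses ReadAttributes
Privileges -
Event Type: Failure Audit
Event ID: 560
Object Name: C:\WINNT\TEMP
Client User Name: IWAM_Server
Client Domain: Server
Accesses ReadAttributes
Event Type: Success Audit
Event ID: 560
Object Name: C:\WINNT\TEMP\constructed.tmp
Client User Name: IWAM_Server
Client Domain: Server
Accesses ReadData
"""

def parse_events(text):
    """Return one dict of fields per event; an event starts at 'Event Type:'."""
    events = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Event Type:"):
            events.append({})
        # 'Accesses' carries no colon in this layout, so accept a bare space.
        m = re.match(r"(Accesses)[: ]\s*(.*)", line) or re.match(r"([^:]+):\s*(.*)", line)
        if m and events:
            events[-1][m.group(1).strip()] = m.group(2).strip()
    return events

def denied_access(text):
    """Map (account, object path) -> set of rights refused in 560 failure audits."""
    denied = defaultdict(set)
    for ev in parse_events(text):
        if ev.get("Event ID") == "560" and ev.get("Event Type") == "Failure Audit":
            who = ev.get("Client Domain", "?") + "\\" + ev.get("Client User Name", "?")
            denied[(who, ev.get("Object Name", "?"))].update(ev.get("Accesses", "").split())
    return dict(denied)

if __name__ == "__main__":
    for (who, obj), rights in sorted(denied_access(SAMPLE).items()):
        print(f"{who} denied {sorted(rights)} on {obj}")
```

The result names the exact right refused on each object, which is the input needed to write a narrow ACL entry for that account and path.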


