Re: Cisco Systems VPN Client allows local logon with Elevated Privileges

• Previous message: Luca Berra: "Re: Win 2003 DNS requests makes replies over 512 byte PIX limit"
• In reply to: Nick Staff: "Cisco Systems VPN Client allows local logon with Elevated Privileges"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Thu, 15 May 2003 16:35:21 +0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Dear Nick Staff,

--Wednesday, May 14, 2003, 9:09:15 PM, you wrote to NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM:

NS> an ISP. By default these settings are not locked to standard users
NS> because the configuration file responsible for holding these
NS> settings (vpnclient.ini) is installed to a non-restricted path
NS> (systemdrive%\program files\CiscoVPN).

Default settings of Windows 2000 and above (and recommended settings for
Windows NT) limit access to Program Files for users to "Read". If your
users are included in "Power Users" group, you have huge security
problem unrelated to Cisco software.

--
~/ZARAZA
Машина оказалась способной к единственному действию,
а именно умножению 2x2, да и то при этом ошибаясь. (Лем)
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
EXECUTIVE SEMINAR: "Information Security and the Disappearing Perimeter"
Join Peter S. Tippett, PhD, M.D., the industry's foremost authority on
network security, and TruSecure for a free breakfast seminar on "The Impact
of the Disappearing Perimeter." Learn how you can proactively protect your
organization against today's newest threats, including those from remote
users, business partners and wireless. To register, and to view the full
list of dates and cities, click below or call 1-888-396-8348.
http://www.trusecure.com/offer/s0096/
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Previous message: Luca Berra: "Re: Win 2003 DNS requests makes replies over 512 byte PIX limit"
• In reply to: Nick Staff: "Cisco Systems VPN Client allows local logon with Elevated Privileges"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: GPO Update Problem (SYSVOL access via UNC) ... >> Server Security and Auditing Policy ... >> The settings in this GPO can only apply to the following groups, users, ... >> Windows Firewall: Allow file and printer sharing exception Enabled ... (microsoft.public.win2000.group_policy) Re: GPO Update Problem (SYSVOL access via UNC) ... Server Security and Auditing Policy ... This list only includes links in the domain of the GPO. ... The settings in this GPO can only apply to the following groups, users, ... (microsoft.public.win2000.group_policy) Re: GPO Update Problem (SYSVOL access via UNC) ... > Server Security and Auditing Policy ... > This list only includes links in the domain of the GPO. ... > The settings in this GPO can only apply to the following groups, users, ... (microsoft.public.win2000.group_policy) Re: Problem with NT4 domain trusting W2003 domain ... | implemented the settings you suggested in the "default domain controller ... | GPO" and not in the local GPO, and verified with GPMC that they are ... |> suspect there are some settings in security options caused this problem, ... (microsoft.public.windows.server.migration) Re: ASP.NET webs not working ... application settings were simple and easily reversible in an effort to ... The Default Web Site in IIS has "Anonymous access" checked. ... The default security and applications should be correctly configured by ... (microsoft.public.frontpage.client)