RE: Risks posed by Windows XP Scheduled Tasks?
From: Dufresne, Pierre (PIERRE.DUFRESNE@MESS.GOUV.QC.CA)Date: 08/07/02
- Previous message: Amer Karim: "RE: windows update reporting info back to MS? (and .NET fw SP1)"
- Maybe in reply to: Dufresne, Pierre: "Risks posed by Windows XP Scheduled Tasks?"
- Next in thread: H C: "RE: Risks posed by Windows XP Scheduled Tasks?"
- Next in thread: Michael G. Greene: "Re: Risks posed by Windows XP Scheduled Tasks?"
- Reply: H C: "RE: Risks posed by Windows XP Scheduled Tasks?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dufresne, Pierre" <PIERRE.DUFRESNE@MESS.GOUV.QC.CA> To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com> Date: Wed, 7 Aug 2002 14:34:42 -0400
Of course, remotely scheduling jobs by users is unacceptable.
But, in our environment, anybody can logon on any workstation. So it is easy
for someone to logon on his neighbor's workstation and schedule some script
or program. I know that NTFS permissions will prevent the scheduled script
to access the user' files and that the same script will run as a
noniteractive process. This should restrict quite a bit what such a script
could do. But I am still nervous because scheduling a task is so easy and
also because I am not really sure of what could be done or not.
-----Original Message-----
From: H C [mailto:keydet89@yahoo.com]
Sent: 7 août, 2002 13:13
To: Dufresne, Pierre
Subject: Re: Risks posed by Windows XP Scheduled Tasks?
Pierre,
The risk associated with this is like any other...when
viewed in isolation, by itself, it seems like an
issue. However, in a reasonably well-thought-out
architecture, would you be allowing someone to log on
remotely to your system?
This issue is easily circumvented by simply not
allowing remote users to schedule jobs.
HTH
--- "Dufresne, Pierre"
<PIERRE.DUFRESNE@MESS.GOUV.QC.CA> wrote:
> Hi,
>
> I just read the following from a book called
> Microsoft Windows XP Inside
> Out:
> "The behavior of the Windows XP Scheduled Tasks
> facility points up a fact
> that you should always keep in mind when working on
> a network or sharing
> your own machine with other user accounts: It's
> possible for someone else to
> start a process that runs invisibly while you're
> logged on to your own
> account. Even though a process started by someone
> else is limited by the
> privileges available to that other user, it's
> possible for such a process to
> monitor your activities."
>
> This follows the fact that an ordinary user can
> schedule a task "At system
> startup" or "At logon". And if the user logging on
> is not the same as the
> one who scheduled the task, the task will still be
> executed.
> As a system admin of a network of 10000+
> workstations, this fact makes
> me very nervous. My first thought was a user logging
> on to another user's
> workstation and scheduling something like a key
> logger.
> I am considering the possibility of restricting
> Scheduled Tasks to
> administrators only (I konw there are some GPOs to
> do just that).
>
> Any comments on the risks posed by Scheduled Tasks?
>
> Thank you for your time
>
> Pierre Dufresne
__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com
- Previous message: Amer Karim: "RE: windows update reporting info back to MS? (and .NET fw SP1)"
- Maybe in reply to: Dufresne, Pierre: "Risks posed by Windows XP Scheduled Tasks?"
- Next in thread: H C: "RE: Risks posed by Windows XP Scheduled Tasks?"
- Next in thread: Michael G. Greene: "Re: Risks posed by Windows XP Scheduled Tasks?"
- Reply: H C: "RE: Risks posed by Windows XP Scheduled Tasks?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
