RE: Local User Permissions in a Public, Domain Environment?

From: LordInfidel (LordInfidel_at_Directionweb.com)
Date: 06/14/03

    To: "'larobins@bellatlantic.net'" <larobins@bellatlantic.net>, focus-ms@securityfocus.com
    Date: Sat, 14 Jun 2003 16:15:14 -0400
    
    

    One of the typical things to do is to remove the default permissions from
    the root drive, and only allow admins and system full control, which it
    sounds like your admins have done.

    This just prevents common script kiddie programs from gaining console access
    to c:\ w/o the correct admin u/p. I.e., if they gain access via an iuser
    account, they still will not be able to upload files to root. However, it
    sounds like they stopped there.

    Unless they also restricted access to the c:\winnt directories, and locked
    down the registry.
    If a program does not need admin rights to install, then you should be able
    to install programs.

    Since typically, default permissions on the c:\winnt directories allow users
    to write.
    Same with the registry.

    And the program, if needed, would then be able to write to the registry and
    insert DLLs into c:\winnt \program files area. The admins would further
    need to lock down the registry and those other areas. Not just the root
    drive and your home folder.

    LordInfidel

    -----Original Message-----
    From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
    Sent: Friday, June 13, 2003 4:28 PM
    To: zorkshin@tampabay.rr.com; focus-ms@securityfocus.com
    Subject: RE: Local User Permissions in a Public, Domain Environment?

    How had the administrators gone about setting these restrictions?

    Laura

    > -----Original Message-----
    > From: zorkshin@tampabay.rr.com [mailto:zorkshin@tampabay.rr.com]
    > Sent: Wednesday, June 11, 2003 5:49 PM
    > To: focus-ms@securityfocus.com
    > Subject: Local User Permissions in a Public, Domain Environment?
    >
    >
    > Hi All (this is my first email) --
    >
    > Today while using a public computer at the USF Library
    > (University of South Florida), I noticed that on each
    > computer permissions were set for local users such that they
    > were not permitted to modify any part of the C:\ drive
    > excluding the home folder. Plus, the users would not be
    > permitted to access any dialogues, command prompts, or "My"
    > windows (i.e. the ol' typing in "C:\" in the Internet
    > Explorer bar won't work). Basically, the computers were set up
    > only to browse the Internet.
    >
    > However, I was able to install WS_FTP to a non-home folder!
    > Even stranger, I was able to view, execute, and modify any
    > file from the WS_FTP interface. Can someone explain so I can
    > help out the admins?
    >
    > Thanks,
    >
    > -- Justin Shin
    >
    >
    >
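An added example, not part of the original thread: one way an administrator could check whether the lockdown stopped at the root drive is to list every allow ACE that gives a non-admin principal write access to the system directories and the registry. The target list, the trusted-SID list and the function name `Find-NonAdminWriteAce` are assumptions made for this sketch.

```powershell
# Added example: report ACEs that let non-admin principals write to system
# locations. Targets and the trusted list below are assumptions; adjust them.
$targets = @(
    "$env:SystemDrive\",
    $env:SystemRoot,               # c:\winnt on NT/2000, c:\windows later
    "$env:SystemRoot\System32",
    $env:ProgramFiles,
    'HKLM:\SOFTWARE'
)

# Principals expected to hold write access, matched by well-known SID.
$trustedSids = @(
    'S-1-5-18',                    # SYSTEM
    'S-1-5-32-544',                # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Only the bits that change content, permissions or ownership (no read bits).
$fsWrite  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$regWrite = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$genericWrite = 0x50000000         # raw GENERIC_WRITE | GENERIC_ALL, seen in some ACEs

function Find-NonAdminWriteAce {
    param([string[]]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($p in $Path) {
        $acl = Get-Acl -Path $p -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
            if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
                $rights = $ace.RegistryRights;   $mask = [int]$regWrite
            } else {
                $rights = $ace.FileSystemRights; $mask = [int]$fsWrite
            }
            if (([int]$rights -band ($mask -bor $genericWrite)) -eq 0) { continue }
            $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                    catch { $ace.IdentityReference.Value }   # unresolvable SID: show it raw
            [pscustomobject]@{ Path = $p; Principal = $name; Rights = $rights; Inherited = $ace.IsInherited }
        }
    }
}

Find-NonAdminWriteAce -Path $targets | Format-Table -AutoSize
```

Rows naming Users, Everyone or Authenticated Users against the system directory or `HKLM:\SOFTWARE` are the areas the message says still need locking down.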
