RE: Disabling sharing and group policies

• Previous message: Laura A. Robinson: "RE: Disabling sharing and group policies"
• In reply to: Ansgar Wiechers: "Re: Disabling sharing and group policies"
• Next in thread: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
• Maybe reply: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
• Reply: Ansgar Wiechers: "Re: Disabling sharing and group policies"
• Reply: Laura A. Robinson: "RE: Disabling sharing and group policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Ansgar Wiechers'" <bugtraq@planetcobalt.net>, <focus-ms@securityfocus.com>
Date: Fri, 12 Sep 2003 20:35:55 +0400

> I still don't see why you won't remove your users from the
> local administrators' group and spare yourself the trouble.

> I haven't run into a single application that couldn't
> be persuaded to run with reduced privileges.

[Sorry if it is offtopic...]

Why administrators must pesuade some applications to run with reduced
privileges anyway? I mean, why don't software developers care about that in
first place? Isn't that strange when you must have Administrator privileges
to just... Scan a picture? Write to CD? Whatever *not-administrative*
tasks...

Can you please point me to some public source of information about common
ways to make an application to run under user privileges if it won't? As I
understand, one should run some filemon- regmon-like tools to monitor
application and then make resources needed by app to be available under user
account. Is there any otner tips you can share?

Thanks,
Al.

> -----Original Message-----
> From: Ansgar Wiechers [mailto:bugtraq@planetcobalt.net]
> Sent: Thursday, September 11, 2003 12:46 AM
> To: focus-ms@securityfocus.com
> Subject: Re: Disabling sharing and group policies
>
>
> On 2003-09-10 Matthew Wagenknecht wrote:
> > I'm looking for a solution to keep honest people honest.. I will be
> > monitoring the network for Everyone shares. If I find any,
> I will know
> > that it was intentional to circumvent the Group Policy. That way I
> > don't have to deal with "I didn't know any better".. I'm
> not looking
> > for a DoD implementation.
>
> I still don't see why you won't remove your users from the
> local administrators' group and spare yourself the trouble.
> Please don't give me that old "our applications require this"
> crap. I haven't run into a single application that couldn't
> be persuaded to run with reduced privileges.
>
> Regards
> Ansgar Wiechers
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web application
> scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> --------------------------------------------------------------
> -------------
>

---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------

• Previous message: Laura A. Robinson: "RE: Disabling sharing and group policies"
• In reply to: Ansgar Wiechers: "Re: Disabling sharing and group policies"
• Next in thread: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
• Maybe reply: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
• Reply: Ansgar Wiechers: "Re: Disabling sharing and group policies"
• Reply: Laura A. Robinson: "RE: Disabling sharing and group policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]