Hardening the Scheduler Service

From: James Bowman (jim_at_drexel.edu)
Date: 12/23/03

Next message: Kurt Dillard: "RE: Hardening the Scheduler Service"

Previous message: Marc Fossi: "Article Announcement: Low-Level Enumeration With TCP/IP"
Next in thread: Kurt Dillard: "RE: Hardening the Scheduler Service"
Maybe reply: Kurt Dillard: "RE: Hardening the Scheduler Service"
Reply: Marius Huse Jacobsen: "Re: Hardening the Scheduler Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 23 Dec 2003 15:45:29 -0000
To: focus-ms@securityfocus.com

('binary' encoding is not supported, stored as-is)

Anyone have experience modifying / supplanting the task scheduler service to run under another user auspice, similar to "chrooting" under win2k / XP?

If so, how are scheduled tasks affected? Can we still run jobs as other users, or are they bound to the service account?

Here's the real issue - we need a way to delegate to sys admins the ability to modify and schedule their own jobs, in their own user space, possibly invoking system binaries, all without much security dept. intervention.

Thanks and Happy Holidays.

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Kurt Dillard: "RE: Hardening the Scheduler Service"

Previous message: Marc Fossi: "Article Announcement: Low-Level Enumeration With TCP/IP"
Next in thread: Kurt Dillard: "RE: Hardening the Scheduler Service"
Maybe reply: Kurt Dillard: "RE: Hardening the Scheduler Service"
Reply: Marius Huse Jacobsen: "Re: Hardening the Scheduler Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]