RE: Hardening the Scheduler Service
From: Kurt Dillard (kurtdill_at_microsoft.com)
Date: 12/23/03
- Previous message: James Bowman: "Hardening the Scheduler Service"
- Maybe in reply to: James Bowman: "Hardening the Scheduler Service"
- Next in thread: Marius Huse Jacobsen: "Re: Hardening the Scheduler Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Dec 2003 09:16:46 -0800 To: "James Bowman" <jim@drexel.edu>, <focus-ms@securityfocus.com>
Why bother? You can easily schedule individual tasks to run in the
context of unprivileged accounts already.
-----Original Message-----
From: James Bowman [mailto:jim@drexel.edu]
Sent: Tuesday, December 23, 2003 7:45 AM
To: focus-ms@securityfocus.com
Subject: Hardening the Scheduler Service
Anyone have experience modifying / supplanting the task scheduler
service to run under another user auspice, similar to "chrooting" under
win2k / XP?
If so, how are scheduled tasks affected? Can we still run jobs as other
users, or are they bound to the service account?
Here's the real issue - we need a way to delegate to sys admins the
ability to modify and schedule their own jobs, in their own user space,
possibly invoking system binaries, all without much security dept.
intervention.
Thanks and Happy Holidays.
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: James Bowman: "Hardening the Scheduler Service"
- Maybe in reply to: James Bowman: "Hardening the Scheduler Service"
- Next in thread: Marius Huse Jacobsen: "Re: Hardening the Scheduler Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
