Re: disclosure the administrative password

From: Anthony Viaene (admin_at_counterweb.be)
Date: 02/02/05

  • Next message: Jack Me: "Re: disclosure the administrative password"
    Date: Wed, 02 Feb 2005 16:55:48 +0100
    To: cyberpixl <cyberpixl@gmail.com>
    
    

    You could make an new user 'Installer' with limit security rights so
    this user can only install software but nothing else.
    By this way you could limit the damage if someone finds the password.

    Greetz,
    Anthony

    cyberpixl wrote:

    >using remote administration software maybe? ;)
    >
    >
    >On Tue, 1 Feb 2005 14:50:08 +0200, Boris Skoblo
    ><borsk@techunix.technion.ac.il> wrote:
    >
    >
    >>Hi All,
    >>
    >>There is a usual situation: on normal users computers ( W2k and Winxp ) an
    >>administrator should perform an administrative actions
    >>(for example, with help RunAs) thus the administrative password is entered.
    >>Do exist a potential possibility that on the user's computer
    >>there is keylogger.
    >>
    >>What ways to perform administrative operations exist, thus not endangering
    >>disclosure the administrative password? There are some limitations:
    >>
    >>1. usage of smarts-cards and others hardvare devices are not applicable .
    >>
    >>2. performed operations cannot be delegated for various reasons
    >>
    >>3. keylogger is custom designed and any of existing protective software yet
    >>does not find out it
    >>
    >>------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    >>
    >>Regards,
    >>
    >>Boris Skoblo
    >>
    >>---------------------------------------------------------------------------
    >>---------------------------------------------------------------------------
    >>
    >>
    >>
    >>
    >
    >---------------------------------------------------------------------------
    >---------------------------------------------------------------------------
    >
    >
    >
    >.
    >
    >
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Jack Me: "Re: disclosure the administrative password"