RE: On the topic of Windows Hardening

From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 11/12/05

Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: On the topic of Windows Hardening"

Previous message: David LeBlanc: "RE: What server hardening are you doing these days?"
In reply to: Peter Hyvonen: "On the topic of Windows Hardening"
Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: On the topic of Windows Hardening"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 12 Nov 2005 16:49:36 -0500
To: "'Peter Hyvonen'" <phyvonen@selfcharge.com>, <focus-ms@securityfocus.com>

You can use the application compatibility toolkit to determine the actual
file system, registry and OS privileges needed for the application to run,
then make a custom database that allows you to configure the permissions on
the machines on which the application runs. It doesn't make a "fake" admin
account, but it does something better- it lets you figure out what you
*truly* need to do to let the application run in the context (hopefully) of
a user.

Might be worth looking at.

Laura

> -----Original Message-----
> From: Peter Hyvonen [mailto:phyvonen@selfcharge.com]
> Sent: Friday, November 11, 2005 6:18 PM
> To: focus-ms@securityfocus.com
> Subject: On the topic of Windows Hardening
>
> Its there a way to 'fake' an administrator account? I ask
> because our MRP software requires the user have complete
> local privliges (power user accounts do not work) I've
> complained but changing MRP software is not an option. We
> have alot of small fires because the users of the MRP
> software have to be administrator on their own box. Thanks in advance
>
> Pete Hyvonen
> Systems Specialist
> Self Charge Inc.
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------
>

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: On the topic of Windows Hardening"

Previous message: David LeBlanc: "RE: What server hardening are you doing these days?"
In reply to: Peter Hyvonen: "On the topic of Windows Hardening"
Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: On the topic of Windows Hardening"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: paging file resets on reboot
... It sounds like the file system and or registry ... I attempted to check the rights of the system account and the ... > | administrator account in safe mode, ... Web info I could find plus all the usual drive permissions, ...
(microsoft.public.windowsxp.perform_maintain)
Re: Service running as Local system account Unable to map drive on
... Hi Joe and Phillip ... account has full permissions on both the share and the file system itself. ... Security Eventlog: ...
(microsoft.public.security)
Re: ASPNET account doesnt exist on Windows Server 2003
... On the file system? ... >> This will create the ASPNET account the the ASPNET_WP.exe executable. ... >>> granting access rights to the resource to the ASP.NET request identity. ... >>> bebop ...
(microsoft.public.windows.server.general)
Re: App pool identity
... restrict that account to some files you're accessing on the file system ... allow for trusted access to the database, and ... you are trying to use a different account because you want ...
(microsoft.public.dotnet.framework.webservices)
Re: Default User Serurity Permission
... I checked my copy of file system changes contained in the file system ... section of secsetup.inf and Documents and Settings is not covered, ... > to adjust to account creation after setup. ...
(microsoft.public.windowsxp.security_admin)