Re: Alternative to Windows Explorer

From: steve (securityfocus_at_delahunty.com)
Date: 06/08/04

    To: "Brad Germany" <b.germany@mchsi.com>, <security-basics@securityfocus.com>
    Date: Tue, 8 Jun 2004 17:02:13 -0400
    
    

    One drawback: if you use that "runas" approach, then you really won't know
    which actual admin did what on a box; the logging will just note
    Administrator versus their using their actual account. We have seen auditor
    requirements to log "who does what" versus having folks logged in as
    Administrator. You could of course use an administrator account for each
    admin, a variation of their normal account.

    In the "old" days of NetWare we also did not have admins with Administrator
    rights to ensure they didn't accidentally screw something up while doing
    their work; they had to really realize they were logged in as Administrator.

    An option for your needs would be to require your Administrators to Terminal
    into one of your Windows servers running Terminal Services. They can then
    run all their commands from there.

    STEVE
    ----- Original Message -----
    From: "Brad Germany" <b.germany@mchsi.com>
    To: <security-basics@securityfocus.com>
    Sent: Monday, June 07, 2004 10:29 PM
    Subject: Re: Alternative to Windows Explorer

    Has the use of logon scripts utilizing "net use..." been considered? Can't
    remember the exact syntax right off the top of my head, but at my workplace
    we have these in regular user and admin logon scripts to map various drive
    letters to network shares.

    Brad

    ----- Original Message -----
    From: "Halverson, Chris" <chris.halverson@encana.com>
    To: "'Lambillion, Paul'" <Paul.Lambillion@Markelintl.COM>
    Cc: <security-basics@securityfocus.com>
    Sent: Monday, June 07, 2004 08:12
    Subject: RE: Alternative to Windows Explorer

    > I am fully aware of the shift-right click command in win 2k and win xp, but
    > he was asking about alternate programs that his admins could use to windows
    > explorer. The command line gives you a little more options than using the
    > shift right-click plus scripts can be made for admins to run for ease of use
    > as well. Real men don't click! LOL
    >
    > -----Original Message-----
    > From: Lambillion, Paul
    > Sent: Monday, June 07, 2004 1:37 AM
    > To: Halverson, Chris
    > Subject: RE: Alternative to Windows Explorer
    >
    >
    > Chris
    >
    > Have you tried doing shift-right click? On my Win2k box it gives you more
    > options, including run-as...
    >
    > Regards
    >
    > Paul
    >
    > -----Original Message-----
    > From: Halverson, Chris
    > Sent: 04 June 2004 18:59
    > To: 'Locher Thomas'; security-basics@securityfocus.com
    > Subject: RE: Alternative to Windows Explorer
    >
    >
    > Thomas,
    >
    > You could also try a command line runas to progman.exe. Yes the old program
    > manager from win 3.1 days still lives on newer versions of Windows. You
    > could run any number of programs with this interface. The only downfall is
    > that you need to be local admin on the box to run properly, in what I found.
    > And trying to remember how progman works is another
    >
    > ; )
    >
    > CH
    >
    > ------------------------------------------
    > Subject: Alternative to Windows Explorer
    >
    >
    > Dear List,
    >
    > we are trying to work out a policy, that every admin should be logged on to
    > his client (WinXP-SP1) with a non-administrative account (smartcard logon)
    > and start the programs for administrative tasks with the runas - command as
    > administrator. That works rather well, the account cannot access our
    > fileservers and all the other things that can be compromised by a worm or
    > virus. There's just one problem, you can't start windows explorer with
    > runas. We use the internet explorer (runas with the administrative account)
    > for managing file servers, but this is rather bad (for example there is no
    > automatic refresh). Is there an alternative to windows explorer with the
    > same features? The few I found cannot access the network by typing UNC
    > Paths, only with mapped drives - they are more useful for local usage.
    >
    > Best regards,
    > Thomas
    
