Re: Permissions on the MachineKeys Directory

From: David Cross [MS] (dcross@online.microsoft.com)
Date: 09/24/02

• Next message: George M. Garner Jr.: "Re: ie6sp1"
• Previous message: David Cross [MS]: "Re: EAP/TLS for Pocket PC"
• In reply to: Larry Shields: "Re: Permissions on the MachineKeys Directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "David Cross [MS]" <dcross@online.microsoft.com>
Date: Tue, 24 Sep 2002 06:26:58 -0700

Yes, check just to make sure. Likely, you will be fine.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Larry Shields" <larrys@aqssys.com> wrote in message
news:uKLTB2wYCHA.1456@tkmsftngp10...
> Our situation is Windows 2000 Server; the directory is
> C:\Documents and Settings\All Users\Application
> Data\Microsoft\Crypto\RSA\MachineKeys
>
> Should I be asking the OCX provider if there is a specific key? I believe
> they are using the CryptoAPI
>
> thanks,
>
> ==Larry
>
> "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
> news:OTcE7XwYCHA.3736@tkmsftngp08...
> > BY default in XP SP1 and .NET Server, I believe machine key container
> > permissions are set to allow SYSTEM and Creator/Owner as wel..  This is
> > fine.  if you have to set all key containers to allow your OCX to access
> all
> > machine keys, then that is a problem.
> >
> > --
> >
> > David B. Cross [MS]
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> > "Larry Shields" <larrys@aqssys.com> wrote in message
> > news:esV7JMwYCHA.2440@tkmsftngp08...
> > > We are using a 3rd party OCX called by one of our DLLs  which is
called
> by
> > > an ASP Page. The OCX is unable to encrypt unless we give the IUSER
> account
> > > Read permissions on the MachineKeys directory. Is this a security
hole?
> Is
> > > there some other more restrictive permission that would be better? the
> > > Advanced section offers more options, but I can find no documentation
> > > explaining what those permissions mean in the context.
> > >
> > > Thanks,
> > >
> > > ==Larry
> > >
> > >
> >
> >
>
>

---

• Next message: George M. Garner Jr.: "Re: ie6sp1"
• Previous message: David Cross [MS]: "Re: EAP/TLS for Pocket PC"
• In reply to: Larry Shields: "Re: Permissions on the MachineKeys Directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Install Windows Patch via GPO ... This posting is provided "AS IS" with no warranties, and confers no rights. ... (microsoft.public.windows.group_policy) Re: Trust windows 2k to windows 2k3 ... This posting is provided "AS-IS" with no warranties or guarantees and ... confers no rights. ... only reply to Newsgroups ... (microsoft.public.windows.server.active_directory) Re: Trust windows 2k to windows 2k3 ... This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. ... only reply to Newsgroups ... (microsoft.public.windows.server.active_directory) Re: Installing a 360 Media Center Extender ... This posting is provided "AS IS" with no warranties, and confers no rights. ... (microsoft.public.windows.mediacenter) Re: Trust windows 2k to windows 2k3 ... This posting is provided "AS IS" with no warranties, and confers no rights. ... only reply to Newsgroups ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)