Re: Appropriate permissions
From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 11/09/02
- Next message: Karl Levinson [x y] mvp: "Re: Locked out of Windows 2000"
- Previous message: JR: "Re: Locked out of Windows 2000"
- In reply to: LWG: "Re: Appropriate permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com> Date: Sat, 9 Nov 2002 10:05:25 -0500
Don't know about Oracle, you'd probably want to check with their web site or
newsgroups [unless someone here knows the answer]. My guess is that there's
a document of security recommendations on the web site. Ditto for SQL..
check out:
www.sqlsecurity.com
www.microsoft.com/technet/security/prodtech/dbsql
www.microsoft.com/support
And I would also recommend following checklists on how to secure Windows
2000 as well:
http://securityadmin.info/faq.htm#harden
"LWG" <lgovedi1@tampabay.rr.com> wrote in message
news:#OpyZe$hCHA.3708@tkmsftngp08...
> Karl,
> Thx for the reply. One more thing. What about accounts that are used
to
> run Oracle/SQL for example. Should I deny them logon local or will this
keep
> Oracle from starting/running? These are some things that I need to get my
> arms around. Thx for the quick response...
>
> L
>
>
>
>
>
> "Karl Levinson [x y] mvp" <jamescagney90210@excite.com> wrote in message
> news:#ZxY#A$hCHA.1676@tkmsftngp08...
> >
> > "LWG" <lgovedi1@tampabay.rr.com> wrote in message
> > news:unCJIh#hCHA.3708@tkmsftngp08...
> > > I have to lock down 30-35 Win2k servers. These servers have everything
> > from
> > > Clustered Oracle to stand alone app. servers/ web etc. What I want to
do
> > is
> > > keep people from creating shares at will and changing file system
> > > permissions, which really gets out of hand. Also, with id's that run
> > > applications I would like to not allow them to be able to log on
> locally,
> > > however still be able to run the application. Does anyone have some
> ideas
> > on
> > > best practice?
> >
> > First, they absolutely cannot be in the local administrators group and
> > should just be Users. They will not be able to install software and
will
> > lose a lot of other rights, but there is nothing you can do to lock down
a
> > system this way from an administrator. Anyways, people generally work
on
> a
> > server as a normal user and use RUNAS temporarily when installing
> > something... and also it's not really appropriate to have so many people
> or
> > accounts with administrator priviledges on any one computer or domain.
> >
> > Next, remove NTFS full control permission from all files and folders for
> the
> > Users group and any other groups these accounts are in.
> >
> > Then, log in as one of the users and confirm whether they can or cannot
> > create a share.
> >
> > I can't think of any other way to do this.
> >
> >
> >
> >
>
>
- Next message: Karl Levinson [x y] mvp: "Re: Locked out of Windows 2000"
- Previous message: JR: "Re: Locked out of Windows 2000"
- In reply to: LWG: "Re: Appropriate permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
