Re: Workstation C: security settings

From: Mark (lil_at_OlMe.com)
Date: 02/27/04


Date: Fri, 27 Feb 2004 11:42:14 -0600

Unless you just WANT the users to have lots of control on their own PCs, it
may be better to run the compatws.inf file using secedit on the workstation
and then set the user back to regular user level.

Supposedly compatws.inf will relax security on a workstation so that legacy
programs can run. Legacy programs are usually the reason to give elevated
security rights to users.

To run the compatws.inf file, go to c:\Windows\security\templates and type
secedit /configure /cfg compatws.inf /db compatws.sdb

Mark.

"Dave" <dave@dave.com> wrote in message
news:uvCTHXK$DHA.1036@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> We have a win2k domain with winXP workstations. The security settings on
> the winXP C: are as follows.
>
> Administrator - Full Control: This folder, subfolders and files
> CREATOR OWNER - Full Control: Subfolders and files only
> Everyone - Read & Execute: This folder only
> SYSTEM - Full Control: This folder, subfolders and files
> Users - Read & Execute: This folder, subfolders and files
> Users - Create Folders / Append Data: This folder and subfolders
> Users - Create Files / Write Data: Subfolders only
>
> I find that this allows the user to use pretty much all of the C drive to
> write data to, including installing programs (not in Program Files). Is this
> a security risk? If yes, what recommendations can I follow to tighten up
> the security?
>
> Thanks!!!
> Dave
>
>
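
Added example, not part of either post: a PowerShell check that lists the Allow entries on a folder that give principals other than SYSTEM and Administrators write-type rights, with the scope phrased the way the listing quoted above phrases it. The default path C:\, the set of rights treated as write-type and the function name Get-AppliesTo are assumptions made for this example.

```powershell
# Added example (not from the thread): report write-type Allow ACEs on a folder
# that are held by principals other than SYSTEM and BUILTIN\Administrators.
param([string]$Path = 'C:\')   # assumption: the drive root described in the post

$trusted = 'S-1-5-18', 'S-1-5-32-544'   # SYSTEM, BUILTIN\Administrators

# Rights that allow creating, changing or deleting content (assumed selection),
# plus the generic bits that inherit-only ACEs may carry.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Get-AppliesTo($Ace) {
    # Turn inheritance and propagation flags into the Security tab wording.
    $ci = $Ace.InheritanceFlags.HasFlag([System.Security.AccessControl.InheritanceFlags]::ContainerInherit)
    $oi = $Ace.InheritanceFlags.HasFlag([System.Security.AccessControl.InheritanceFlags]::ObjectInherit)
    $io = $Ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)

    $children = ''
    if ($ci -and $oi) { $children = 'subfolders and files' }
    elseif ($ci)      { $children = 'subfolders' }
    elseif ($oi)      { $children = 'files' }

    if ($io) {
        if (-not $children) { return 'Nothing (inherit-only without inheritance flags)' }
        return $children.Substring(0, 1).ToUpper() + $children.Substring(1) + ' only'
    }
    if (-not $children) { return 'This folder only' }
    if ($ci -and $oi)   { return 'This folder, subfolders and files' }
    return "This folder and $children"
}

$acl = Get-Acl -LiteralPath $Path
# Ask for SIDs so the trusted-principal filter does not depend on the OS language.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($trusted -contains $ace.IdentityReference.Value) { continue }
    if (-not ([int]$ace.FileSystemRights -band $writeMask)) { continue }

    $name = $ace.IdentityReference.Value
    try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { }   # unresolvable SID: keep the SID string

    [pscustomobject]@{
        Identity  = $name
        Rights    = $ace.FileSystemRights
        AppliesTo = Get-AppliesTo $ace
        Inherited = $ace.IsInherited
    }
}
```

Running it before and after applying a template shows which entries the template changed; pipe the output to Format-Table -AutoSize for a readable view.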


