Why Is Windows 2000 Trying to Get WriteAttributes on EXE Files?

From: Will (DELETE_westes_at_earthbroadcast.com)
Date: 07/25/05

  • Next message: Johan: "Monitor User Logon" 
    Date: Mon, 25 Jul 2005 10:27:24 -0700

    On a Windows 2000 system, users who are logged in through Terminal Services
    are getting audit messages in the Security event log that complain they
    don't have permissions on many different files, typically these are EXE
    files that they should only access on a read-only basis. In reviewing the
    list of permissions, what they appear to be looking for is WriteAttribute
    permission. Why would a normal user be trying to open up CMD.EXE or
    Outlook Express MSIMN.EXE with WriteAttributes permission? Since it is
    transparent to the user I assume that this is Windows' normal behavior, and
    it seems strange that Windows would want to write attributes every time
    these files are opened. 

    -- 
Will
westes AT earthbroadcast.com
  • Next message: Johan: "Monitor User Logon"

    Relevant Pages

    • RE: What server hardening are you doing these days?
      ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
      (Focus-Microsoft)
    • Re: Unnown process... 5eplorer.exe
      ... do not remove the cause (a "super"-hidden .dll program) but only remove ... symptom files and registry settings. ... It has all permissions but 'copy' denied to everyone, ... then by using the Windows XP Recovery Console. ...
      (microsoft.public.win2000.general)
    • RE: dcom permissions and vista?
      ... user BLAH with Local Activation and Local Launch permissions. ... Windows Vista indeed do some changes in handling DCOM and you may need to ... Windows Vista introduces the notion of Mandatory Access Labels in security ... Microsoft Online Community Support ...
      (microsoft.public.vc.atl)
    • Re: OT: Win 7 comments
      ... I had to edit the Registry. ... This is right up there with repairing permissions, ... That's odd, consider how some of you guys bring the same habits to Windows, ... I will wait for some apps to crash. ...
      (comp.sys.mac.advocacy)
    • RE: SBS 2003 Outoging Fax Problem w/Error 32028 (Cannot send - fatal error)
      ... 1.Reduce the baud rate of the incoming fax modem and see how it goes. ... Click Permissions and verify that the user attempting to fax has at ... 3.If you have configured the fax client on the Windows XP computer ... On the "Additional Server Types" page, ...
      (microsoft.public.windows.server.sbs)