Re: ASPNET Account autiding alert

From: M. Simioni (m.simioniREMOVETHIS_at_TOCONTACTMEgmail.com)
Date: 07/13/05 

Date: Wed, 13 Jul 2005 17:39:25 +0200

I can't see that items.
That directory (or files?) with the random name doesn't even seem to exists,
or at least i'm not able to see them, so i can't see the protection
settings.

The "Users" group has read only access to WINNT directory.

Why is the protection event talks about READ/SYNCRONIZE deny, if the Users
( and then the ASPNET account too) has read grants on the WINNT directory?

I don't think the programmers are creating a file in it, i talked with them
and nobody has written code to create a file/directory in C:\WINNT, or at
least we don't know if Crystal Report tryes to.

thanks for the help,
Marco

"Roger Abell" <mvpNOSpam@asu.edu> ha scritto nel messaggio
news:e2ZBpb3hFHA.3124@TK2MSFTNGP12.phx.gbl...
> Well, they should not be able to write to c:\winnt at all !!
> When you look at one of these in c:\winnt are the NTFS permissions
> on it all inherited or are some or all explicit ? i.e. gray or white
> boxes?
>
> That dir name makes it sound like this was upgrade to W2k from NT4,
> which would leave c:\winnt permissioned loose.
> I would be the villan and first notify my web authors that use
> crystal that c:\winnt will be altered and there apps will fail
> if they do not use the temp environment var to locate their
> file usage correctly, and I would set an implementation date
> and hold to it. When that date comes you will find out who
> is responsible. The alternative, of trying to loosening c:\winnt
> permissions, if it is not an explicitly set permissions issue, so
> that inherited permissions are sufficient is not an attractive
> way to go.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "M. Simioni" <m.simioniREMOVETHIS@TOCONTACTMEgmail.com> wrote in message
> news:%23SUTBvyhFHA.1148@TK2MSFTNGP12.phx.gbl...
>> The ASPNET account has R/W access to
>> "C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files" and
>> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" ( no
>> FULL CONTROL, only Modify+Read+Write, it's ok? ).
>>
>> The aspnet_wp process is running under the ASPNET account.
>>
>> The aspnet_wp process i using 195MB of memory, with a peak of 312MB.
>> With a process viewer i can see it has abount 22 threads (nearly all of
> them
>> regarding mscorsvr.dll).
>>
>> Marco.
>>
>> "Sean M" <tamasean@hotmail.com> ha scritto nel messaggio
>> news:Olfz8MxhFHA.320@TK2MSFTNGP09.phx.gbl...
>> > This sounds a lot like an attempt to get at the Temporary ASP.NET Pages
>> > cache directory. Are you running the ASP.NET worker process as a
> different
>> > account that perhaps doesn't have access to the proper directories?
>> >
>> > -- Sean M, who admittedly is not fond of changing the identity of the
>> > worker
>> > process
>> >
>> > "M. Simioni" <m.simioniREMOVETHIS@TOCONTACTMEgmail.com> wrote in
>> > message
>> > news:Odyu$CxhFHA.3936@TK2MSFTNGP10.phx.gbl...
>> >> i forgot to say, the name KOSW047BFJNQUY26 changes every time.
>> >>
>> >> i still don't know who try to create that directory/file and when.
>> >> i didn't write the applications by myself, i only know that thy use
>> > Crystal
>> >> Reports, they're written in .NET 2002 and they use a component to draw
>> >> charts, dunno if it is that particular component that tryes to write
> the
>> >> directory/file. at least, the programmer said me that he doesn't
>> > explicitly
>> >> create it.
>> >>
>> >> how can i see if it is being created with explicit permission or other
>> > grant
>> >> ? i can't even find that directory.
>> >>
>> >> thank you,
>> >> Marco
>> >>
>> >>
>> >>
>> >> "Roger Abell" <mvpNOSpam@asu.edu> ha scritto nel messaggio
>> >> news:e2$5akvhFHA.328@tk2msftngp13.phx.gbl...
>> >> > Marco,
>> >> >
>> >> > C:\WINNT\KOSW047BFJNQUY26 appears to be some temporary
>> >> > directory ?? Is it being created with explicit permissions that
>> >> > will
>> >> > exclude Users or other grant that includes Dir List for AspNet ?
>> >> >
>> >>
>> >
>> >
>>
>>
>
>

Relevant Pages

  • Re: ASPNET Account autiding alert
    ... The "Users" group has read only access to WINNT directory. ... least we don't know if Crystal Report tryes to. ... > permissions, if it is not an explicitly set permissions issue, so ...
    (microsoft.public.dotnet.security)
  • Security- pemissions
    ... How can I change the Root Permissions in my server ... By Using Group Policy and that this permissions will ... not go down (so my WINNT DIRECTORY permissions will not change)...??? ...
    (microsoft.public.win2000.security)
  • Re: ASPNET Account autiding alert
    ... That is why I first asked about explicit as compared to inherited grants. ... >> I would be the villan and first notify my web authors that use ... >> permissions, if it is not an explicitly set permissions issue, so ...
    (microsoft.public.windows.server.security)
  • Re: ASPNET Account autiding alert
    ... That is why I first asked about explicit as compared to inherited grants. ... >> I would be the villan and first notify my web authors that use ... >> permissions, if it is not an explicitly set permissions issue, so ...
    (microsoft.public.dotnet.security)