Write Attributes and Write Extended Attributes
From: Will (westes-usc_at_noemail.nospam)
Date: 10/31/05
- Next message: Dana L. Stille: "CDROM Drive access denied"
- Previous message: S. Pidgorny
: "Re: Kerberos V5 Authentication for a Telnet Session" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 31 Oct 2005 01:30:29 -0800
Can someone explain to me why many Windows 2000 applications appear to
require that anyone with read and execute permission has "write attributes"
and "write extended attributes" permissions enabled? When I turn on
auditing, I see hundreds of messages in the eventviewer security log for
nearly everyone in the Users group for failing to acquire needed permissions
on cmd.exe, shell32.dll, etc. In examining the permission list that the
users need, the only permissions we have failed to enable for users are
"write attributes" and "write extended attributes". Those permissions
don't seem like something you would want to give users for every file on the
system, and I'm perplexed why Windows would need such permissions on many of
its applications.
-- Will
- Next message: Dana L. Stille: "CDROM Drive access denied"
- Previous message: S. Pidgorny
: "Re: Kerberos V5 Authentication for a Telnet Session" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
