How to Stop a Service From Impersonating Other Users

From: Will (DELETE_westes_at_earthbroadcast.com)
Date: 11/23/05

• Next message: Steven L Umbach: "Re: Windows 2003 firewall"
• Previous message: Roger Abell [MVP]: "Re: ipsec to block ip range"
• Next in thread: S. Pidgorny : "Re: How to Stop a Service From Impersonating Other Users"
• Reply: S. Pidgorny : "Re: How to Stop a Service From Impersonating Other Users"
• Reply: Roger Abell [MVP]: "Re: How to Stop a Service From Impersonating Other Users"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 23 Nov 2005 11:31:46 -0800

I got a rude surprise after installing McAfee's Managed VirusScan software
on our network. The McAfee service - without every asking any permission
or exposing any configuration setting to the admin - simply impersonates any
user who logs into the console of a machine on which it resides, in order to
be able to get Internet access and do downloads of updates. While the
goal is straightforward and McAfee is a name to trust, it is appalling to me
that they think it is okay to login to a machine at 3am in the morning as
the Enterprise Administrator and not even get permission to do that!!

How can I stop any service that runs as SYSTEM from being able to
impersonate any user who logs into a console? And what is really strange
to me is how can McAfee do this unless they are monitoring the keyboard and
stealing passwords? You can't impersonate a user without the full SID and
password even if you have the privilieges to do so can you?

I need an education on how impersonation works and how its behavior can be
modified through Group Policy.

-- 
Will

• Next message: Steven L Umbach: "Re: Windows 2003 firewall"
• Previous message: Roger Abell [MVP]: "Re: ipsec to block ip range"
• Next in thread: S. Pidgorny : "Re: How to Stop a Service From Impersonating Other Users"
• Reply: S. Pidgorny : "Re: How to Stop a Service From Impersonating Other Users"
• Reply: Roger Abell [MVP]: "Re: How to Stop a Service From Impersonating Other Users"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: How to Stop a Service From Impersonating Other Users ... I find this also to be a rude behavior. ... The McAfee service - without every asking any permission ... > user who logs into the console of a machine on which it resides, ... You can't impersonate a user without the full SID ... (microsoft.public.windows.server.security) Re: How to Stop a Service From Impersonating Other Users ... you cannot - SYSTEM account can impersonate other users. ... The McAfee service - without every asking any permission ... (microsoft.public.windows.server.security) Re: What is this? Created 12/27/2003 ... I talked to McAfee and they suggested the scan for viruses ... They gave me instructions on to do this. ... it would solve the problem with this virus but I could ... >> permission from your ... (microsoft.public.security.virus) Re: Home Network set-up ... almost sure to have Norton, McAfee, or some other security software ... Doug Sherman ... You might not have permission to use this ... (microsoft.public.windowsxp.network_web) Re: How to re-enter something into Windows Task Manager "Processes ... As is typical with user guides for most ... > Have you tried reading the mcAfee readme or manual? ... >> notification that was asking for permission to grant something access to ... (microsoft.public.windowsxp.help_and_support)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint