Why Do So Many Windows EXEs Require Write Attribute File Permissions?
- From: "Will" <westes-usc@xxxxxxxxxxxxxx>
- Date: Sat, 23 Dec 2006 02:06:05 -0800
I'm noticing that a very large number of EXE and DLL files in c:\windows of
both Windows XP and Windows 2003 require the executor to have "Write
Attributes" permission against the file. Without that permission the EXE
still operates, but you get a security audit assuming you are tracking
failures on Write Attributes.
When you are trying to secure a drive by having common users only have Read
& Execute access to most of the drive, the sheer number of log messages can
get distracting. Is there a good security reason to not enable common
users to have Write Attributes permissions against c:\windows and its
children that inherit the auditing settings?
--
Will
.
- Prev by Date: Re: Computer access to ACL
- Next by Date: Re: Problems setting up the Recovery Agent
- Previous by thread: How2: User Rights on Domain but Admin Rights on Computer
- Next by thread: NTFS Audit
- Index(es):
Relevant Pages
|
