>> That's not to say that this is not an issue. It is, and it has been known
>> and discussed for at least two years. MS does not seem to consider it a
real
>> serious problem because "administrators should not be mapping shares that
>
>Like I said, C$ em ADMIN$, by default instalation, is "write access" by
>ordinary users.

I think I know what you are saying here, but the way you are saying it is
confusing. Ordinary users have write access to C:\ on both NT 4 and 5, and
to C:\winnt on NT 4. However, the C$ and ADMIN$ shares are accessible
remotely only to administrators. No ordinary user will be able to map to
these shares remotely. If they have local logon privileges, they can sit
down at the console and access them, but they cannot do so remotely. If you
have a situation where ordinary users can map the C drive and/or the winnt
directory remotely on your servers, you have a lot of things to worry about,
and this is probably not the most serious one.

>When a malicious user realy want, he can do a lot of things to get Admin
>access on Windows NT enviroment.

No arguments there, but due diligence from the administrators goes a long
way.

>Like we can see at BID 993.

Well, uhm, I was one of the people that posted the work-around for that bug
back almost exactly a year ago, so yes, that is what we see there. Jeremy
Logan was the other one, posting essentially the same information. I posted
pretty much the same info on NTBugTraq about three years ago now. The only
real news this time around is that you can do this on a per-machine basis
now, using the same key but under HKLM instead.

Jesper M. Johansson

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]