Subject: Re: NTFS and ACLs
From: Colin Stefani (colinsPRO2NET.COM)
Date: Wed Sep 13 2000 - 17:03:56 CDT


You might have the NT 5.0 ACL manager installed. Even though it's NT 4,
there is a security tool that Microsoft produces that will check ACLs and
give you overall security control of the filesystem and machine policies (I
don't recall the exact name of the tool, but it's an MMC snap-in interface).

I installed this tool once, not knowing it was designed for 2000 and was
presented with the same permissions interface. The real bitch is that if
you are on another machine that is NT4 and doesn't have it, and you try to
change folder or file permissions on this machine it won't let you. The
other "issue" with it is that you can't remove it without rebuilding the
system.

To test this to see if it's installed, share a folder on the machine in
question, and go to another machine (that you know is OK) and try to change
permissions on something in that shared folder. It should tell you that you
don't have NT5.0 "something or another" installed so it can't perform the
action.

That's my guess on what has happened to machine #1.

Machine #2: Check the path in the environment tab (My Computer -> Properties
-> Environment). Make sure it has at least these entries under the PATH
variable:

%SystemRoot%\system32;%SystemRoot%;

Otherwise, did someone set permissions on the registry or the WINNT (and/or
system32) folder? I assume you're an admin, but it's possible it's been
locked down really tight, which would kill some applications from executing.

That's my $0.02,

colin

-----Original Message-----
From: Gu1tarb0yAOL.COM [mailto:Gu1tarb0yAOL.COM]
Sent: Wednesday, September 13, 2000 9:05 AM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: NTFS and ACLs

To All

I am losing my mind...or bits of it here and there and would appreciate. I
was trying to tighten down file ACLs on two workstations loaded with NT 4.0
SP6a.
Machine 1) I bring up properties=> security=> permissions. The screen and
info is not the standard GUI to which I am "accustomed." The dialog box is
very primitive, has large check boxes, etc., and various inheritance "hooks"
on some of the accounts listed. Say you want to remove a group... you may
have to go to an advanced tab to remove the inheritance feature first. It
also warns that you must add a legitimate group before removing the only
existing one, because removing the only group will mean Everybody was denied
access. The auditing tab is also only found after pressing the advanced
radio button. What have I stumbled on to, and how do I get this workstation
to display file properties with the standard NTFS properties dialog box?

Machine 2) I want to set some ACLs here also but when I press the
permissions button, nothing happens. Same results when I select the
auditing and ownership buttons. This machine's regedt32 also fails to
execute, with a vague reference to missing .DLLs??? Regedit works fine, but
the display features are so foreign, I am hesitant to use it as a registry
editing tool. If I map a connection to this machine, I can display and set
the file ACLs with no problem. If I bring up REGEDT32 on another machine
and select machine 2, I can connect to two of the registry keys and make
some registry modifications that way.
Can the original NTFS permissions GUI of Machine 1) be recovered?
Any suggestions on re-establishing the REGEDT32 utility on that Machine 2?

Thanks

Jim McFarlen

P.S. Thanks to Paul and Chris for some energetic explorations into security
measures and the ways in which they may be circumvented. I made an
"instance specific" remark re: my local UNIX admins that may have been
interpreted as a generalization, and for that I apologize as it was NOT the
intent of the comment.
PEACE