OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: NTFS and ACLs
From: Gibson, Wayne (Wayne.GibsonWANG.COM)
Date: Fri Sep 15 2000 - 16:45:09 CDT

 SCM can be run as a batch file from a floppy and then doesn't require
installation. Depending on how you configure the .inf, it won't change the
ACL editor either.

-----Original Message-----
From: Gary McIntyre
To: FOCUS-MSSECURITYFOCUS.COM
Sent: 9/14/2000 2:57 PM
Subject: Re: NTFS and ACLs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The tool that you are probably thinking of is the Microsoft Security
Configuration Manager, a standard part of Windows 2000 but ported to
NT.

Unlike the Win2K version, the NT version can only be used on a single
server. If you want to configure multiple servers, you have to
install the app on each one.

Gary McIntyre
Network Consultant
LGS Group Inc.
Gary_McIntyrelgs.ca

This user's PGP Public Keys can be
obtained from certserver.pgp.com

- ----- Original Message -----
From: "Colin Stefani" <colinsPRO2NET.COM>
To: <FOCUS-MSSECURITYFOCUS.COM>
Sent: Wednesday, September 13, 2000 6:03 PM
Subject: Re: NTFS and ACLs

> You might have the NT 5.0 ACL manager installed. Even though it's
> NT 4, there is a security tool that Micorsoft produces that will
> check ACL's and give you over-all security control of the
> filesystem and machine policies (I don't recall the exact name of
> the tool, but it's an MMC snap-in interface).
>
> I installed this tool once, not knowing it was designed for 2000
> and was presented with the same permissions interface. The real
> bitch, is that if you are on another machine that is NT4 and
> doesn't have it, and you try to change folder or file permissions
> on this machine it won't let you. The other "issue" with it is that
> you can't remove it without rebuilding the system.
>
> To test this to see if it's installed, share a folder on the
> machine in question, and go to another machine (that you know is
> OK) and try to change permissions on something in that shared
> folder. It should tell you that you don't have NT5.0 "something or
> another" installed so it can't perform the action.
>
> That's my guess on what has happened to machine #1.
>
> Machine #2: Check the path in the environment tab (My Computer ->
> Properties -> Environment). make sure it has at least these entries
> under the PATH variable:
>
> %SystemRoot%\system32;%SystemRoot%;
>
> Otherwise, did someone set permissions on the registry or the WINNT
> (and/or system32) folder? I assume you're an admin, but it's
> possible it's been locked down really tight, which would kill some
> applications from executing.
>
> That's my $0.02,
>
> colin
>
> -----Original Message-----
> From: Gu1tarb0yAOL.COM [mailto:Gu1tarb0yAOL.COM]
> Sent: Wednesday, September 13, 2000 9:05 AM
> To: FOCUS-MSSECURITYFOCUS.COM
> Subject: NTFS and ACLs
>
>
> To All
>
> I am losing my mind...or bits of it here and there and would
> appreciate. I was trying to tighten down file ACLs on two
> workstations loaded with NT 4.0 SP6a.
> Machine 1) I bring up properties=> security=> permissions. The
> screen and info is not the standard GUI to which I am "accustomed."
> The dialog box is very primitive, has large check boxes, etc ,and
> various inheritance "hooks" on some of the accounts listed. Say
> you want to remove a group... you may have to go to an advanced tab
> to remove the inheritance feature first. It also warns that you
> must add a legitimate group before removing the only existing one,
> because removing the only group will mean Everybody was denied
> access. The auditing tab is also only found after pressing the
> advanced radio button. What have I stumbled on to, and how do I
> get this workstation to display file properties with the standard
> NTFS properties dialog box?
>
> Machine 2) I want to set some ACLS here also but when I press the
> permissions button, nothing happens. Same results when I select
> the auditing and ownership buttons. This machine's regedt32 also
> fails to execute, with a vague reference to missing .DLLs???
> Regedit works fine, but the display features are so foreign, I am
> hesitant to use it as a registry editing tool. If I map a
> connection to this machine, I can display and set the file ACLs
> with no problem. If I bring up REGEDT32 on another machine and
> select machine 2, I can connect to two of the registry keys and
> make some registry modifications that way.
> Can the original NTFS permissions GUI of Machine 1) be recovered?
> Any suggestions on re-establishing the REGEDT32 utility on that
> Machine 2?
>
> Thanks
>
> Jim McFarlen
>
> P.S. Thanks to Paul and Chris for some energetic explorations into
> security measures and the ways in which they may be circumvented.
> I made an "instance specific" remark re: my local UNIX admins that
> may have been interpreted as a generalization, and for that I
> apologize as it was NOT the intent of the comment.
> PEACE

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOcEftJBFF8IBY3kzEQJAOACg490vXfSF+YEdaKDzQ48PlHxzmZ8An0HI
PxW3rK81BCihm2wvX4m20u15
=xXQ+
-----END PGP SIGNATURE-----