OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Michael G. Greene (mgreene_at_mgreene.com)
Date: Wed Aug 07 2002 - 13:47:41 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Implement Group Policy - Administrative Templates - Windows Components -
    Task Scheduler - Create new task. There are several available settings
    here, but I believe "create new" satisfy's your concerns.

    Does anyone know off the top of their head if it is possible to schedule a
    task using AT as a user?

    Microsoft Explanation of Policy:
    ..................................................
    Prevents users from creating new tasks.

    This setting removes the Add Scheduled Task item that starts the New Task
    Wizard. Also, the system does not respond when users try to move, paste, or
    drag programs or documents into the Scheduled Tasks folder.

    Note: This setting appears in the Computer Configuration and User
    Configuration folders. If both settings are configured, the setting in
    Computer Configuration takes precedence over the setting in User
    Configuration.

    Important: This setting does not prevent administrators of a computer from
    using At.exe to create new tasks or prevent administrators from submitting
    tasks from remote computers.
    ..................................................

    ----- Original Message -----
    From: "Dufresne, Pierre" <PIERRE.DUFRESNEMESS.GOUV.QC.CA>
    To: <focus-mssecurityfocus.com>
    Sent: Tuesday, August 06, 2002 12:57 PM
    Subject: Risks posed by Windows XP Scheduled Tasks?

    > Hi,
    >
    > I just read the following from a book called Microsoft Windows XP Inside
    > Out:
    > "The behavior of the Windows XP Scheduled Tasks facility points up a fact
    > that you should always keep in mind when working on a network or sharing
    > your own machine with other user accounts: It's possible for someone else
    to
    > start a process that runs invisibly while you're logged on to your own
    > account. Even though a process started by someone else is limited by the
    > privileges available to that other user, it's possible for such a process
    to
    > monitor your activities."
    >
    > This follows the fact that an ordinary user can schedule a task "At system
    > startup" or "At logon". And if the user logging on is not the same as the
    > one who scheduled the task, the task will still be executed.
    > As a system admin of a network of 10000+ workstations, this fact makes
    > me very nervous. My first thought was a user logging on to another user's
    > workstation and scheduling something like a key logger.
    > I am considering the possibility of restricting Scheduled Tasks to
    > administrators only (I konw there are some GPOs to do just that).
    >
    > Any comments on the risks posed by Scheduled Tasks?
    >
    > Thank you for your time
    >
    > Pierre Dufresne