|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: Mon Jan 27 2003 - 17:54:53 CST
Not a good idea as a rule of thumb. Giving _nobody_ this right will cause
problems. For example:
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B290647
If you want Group Policy to work, this is a big one.
And this, again GP related:
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B319808
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B272142
This is pretty significant if you use terminal services.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B324333
This one affects IIS.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windowsnetserver/proddocs/datacenter/cluad_pr_59.asp
Clusters.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B243813
So, while you may remove the right for some, removing it across the board
may not be wise.
Laura
> -----Original Message-----
> From: matthew patton [mailto:pattonme
yahoo.com]
> Sent: Friday, January 24, 2003 11:01 AM
> To: focus-mssecurityfocus.com
> Subject: RE: Bypass Traverse Checking?
>
>
> Sorry I'm late in on the conversation. "Bypass Traverse
> checking" as a matter of course needs to be unset for
> everybody (ie. nobody is allowed to do it) if you really care
> about file system security. IMO.
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]