|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Disabling sharing and group policies
From: Alexander Suhovey (asuhovey
mtu-net.ru)
Date: Fri Sep 12 2003 - 11:35:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> I still don't see why you won't remove your users from the
> local administrators' group and spare yourself the trouble.
> I haven't run into a single application that couldn't
> be persuaded to run with reduced privileges.
[Sorry if it is offtopic...]
Why administrators must pesuade some applications to run with reduced
privileges anyway? I mean, why don't software developers care about that in
first place? Isn't that strange when you must have Administrator privileges
to just... Scan a picture? Write to CD? Whatever *not-administrative*
tasks...
Can you please point me to some public source of information about common
ways to make an application to run under user privileges if it won't? As I
understand, one should run some filemon- regmon-like tools to monitor
application and then make resources needed by app to be available under user
account. Is there any otner tips you can share?
Thanks,
Al.
> -----Original Message-----
> From: Ansgar Wiechers [mailto:bugtraqplanetcobalt.net]
> Sent: Thursday, September 11, 2003 12:46 AM
> To: focus-mssecurityfocus.com
> Subject: Re: Disabling sharing and group policies
>
>
> On 2003-09-10 Matthew Wagenknecht wrote:
> > I'm looking for a solution to keep honest people honest.. I will be
> > monitoring the network for Everyone shares. If I find any,
> I will know
> > that it was intentional to circumvent the Group Policy. That way I
> > don't have to deal with "I didn't know any better".. I'm
> not looking
> > for a DoD implementation.
>
> I still don't see why you won't remove your users from the
> local administrators' group and spare yourself the trouble.
> Please don't give me that old "our applications require this"
> crap. I haven't run into a single application that couldn't
> be persuaded to run with reduced privileges.
>
> Regards
> Ansgar Wiechers
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web application
> scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> --------------------------------------------------------------
> -------------
>
---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]