
| Subject: | Re: On the topic of Windows Hardening |
|---|---|
| Date: | Tue, 15 Nov 2005 14:43:32 +0000 |

When loosening permissions to allow an application to run, don't just allow all users the extra permissions, or named users; create a new user group and give this new group the extra permissions, then give specific users membership of the group.

The permissions for the group are tweaked to allow the application to run, and to keep the application running when the developers take yet more liberties with security in the future. It's also clearer, when looking at the permissions for a folder or file, to figure out why the permissions are so relaxed.

Only those users who need the extra access will get it, and maintaining group membership becomes a separate task, which could be delegated to a different admin.

Aside: Is there an SGID-like mechanism in Windows?

Peter Hyvonen wrote:
> Is there a way to 'fake' an administrator account?
>
> I ask because our MRP software requires the user have complete local privileges (power user accounts do not work). I've complained but changing MRP software is not an option. We have a lot of small fires because the users of the MRP software have to be administrator on their own box.
>
> Thanks in advance
>
> Pete Hyvonen
> Systems Specialist
> Self Charge Inc.
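
The group-based approach described in the reply, as an added PowerShell example that is not part of the original thread. The group name, install path and account names are hypothetical, and it assumes the application only needs write access to its own folder; it uses the built-in LocalAccounts cmdlets from Windows PowerShell 5.1.

```powershell
#Requires -RunAsAdministrator
# Hypothetical values for illustration; substitute your own.
$GroupName = 'MRP-App-Users'                 # assumed group name
$AppPath   = 'C:\Program Files\ExampleMRP'   # assumed install folder
$Members   = @('alice', 'bob')               # assumed local accounts

# 1. Create the dedicated group once. The description records why the
#    relaxed permissions exist (New-LocalGroup limits it to 48 characters).
if (-not (Get-LocalGroup -Name $GroupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $GroupName `
        -Description 'Extra rights needed by the MRP application' | Out-Null
}

# 2. Grant Modify to the group only (not Users, not named accounts),
#    inherited by subfolders and files under the application folder.
$acl  = Get-Acl -Path $AppPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "$env:COMPUTERNAME\$GroupName", 'Modify',
    'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $AppPath -AclObject $acl

# 3. Membership is a separate, repeatable step that can be delegated.
#    Skip accounts that are already members so the script can be re-run.
$current = (Get-LocalGroupMember -Group $GroupName).Name
foreach ($m in $Members) {
    if ($current -notcontains "$env:COMPUTERNAME\$m") {
        Add-LocalGroupMember -Group $GroupName -Member $m
    }
}

# 4. Review: list every Allow entry on the folder that includes write access,
#    so anything granted to a broad principal or a named user stands out.
$write = [System.Security.AccessControl.FileSystemRights]::WriteData
(Get-Acl -Path $AppPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   ($_.FileSystemRights -band $write) -ne 0 } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

If the application also writes to registry keys, the same pattern applies: grant the key to the group rather than to individual users.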