[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030911155448.GB3357@SDF.LONESTAR.ORG>
From: petard at sdf.lonestar.org (petard)
Subject: Keeping IE up to date on a Windows Server
On Fri, Sep 12, 2003 at 12:05:46AM +1200, Nick FitzGerald wrote:
> (And, if you cannot trust your admins to not surf the web from your
> servers (or don't know), why not limit their access to iexplore.exe and
> audit all changes to this file, its ACLs, etc? After all, it is little
> more than a window manager providing displays for the output of the
> various *ML parsers, "security" and script engines, etc, etc that are
> implemented in a bunch of DLLs and ActiveX controls and whose use by
> other processes should be unaffected by the permissions set on the IE
> executable itself...)
That's a useless precaution. Start explorer.exe and type a url
into the location bar. iexplore.exe is never touched. If you can't
trust admins not to surf from your servers, suggest to them that
they need to choose another line of work.
HTH
petard
Powered by blists - more mailing lists