| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: daniels at ponderosatel.com (Daniel Sichel) Subject: RE: Giving Admin rights to local users in Win2k Message: 4 From: "Exibar" <exibar@...lair.com> To: "James Exim" <security@...m.dyndns.org>, <full-disclosure@...ts.netsys.com> Subject: Re: [Full-Disclosure] W2k users, local admin rights and GPOs Date: Wed, 29 Oct 2003 10:54:49 -0500 It's actually very easy to prevent any policies from coming down to your system if you have local admin rights. What you do is first, delete the policies from the registry, then deny everyone (except for a locally created user) access to the policy key. You'll see the failures in the event log when a new policy attempts to get written. Viola! no more policies.... Easy as pie.... Exibar Do not give local users admin rights. Do not use software that requires this(Vendors will tell you that their packages do because they are too lazy or too cheap to find out What administrative rights are needed. They also write a lot of crap that needlessly Requires ADMIN rights. Guess those offshore programers aren't too worried about this issue. So the answer is don't do this, it's an open invitation for pernicious browser based trojans to install themselves anyway. We have had more than one user call and ask what it means to have an install program that they weren't supposed to be running fail with insufficient rights. Makes my day every time it happens. Dan Sichel Ponderosa Telephone
Powered by blists - more mailing lists