lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: daniels at ponderosatel.com (Daniel Sichel)
Subject: RE: Giving Admin rights to local users in Win2k

Message: 4
From: "Exibar" <exibar@...lair.com>
To: "James Exim" <security@...m.dyndns.org>,
   <full-disclosure@...ts.netsys.com>
Subject: Re: [Full-Disclosure] W2k users, local admin rights and GPOs
Date: Wed, 29 Oct 2003 10:54:49 -0500

It's actually very easy to prevent any policies from coming down to your
system if you have local admin rights.  What you do is first, delete the
policies from the registry, then deny everyone (except for a locally
created
user) access to the policy key.  You'll see the failures in the event
log
when a new policy attempts to get written.  Viola!  no more policies....

  Easy as pie....

  Exibar

Do not give local users admin rights. Do not use software that requires
this(Vendors will tell you that their packages do because they are too
lazy or too cheap to find out
What administrative rights are needed. They also write a lot of crap
that needlessly
Requires ADMIN rights. Guess those offshore programers aren't too
worried about this issue. 

So the answer is don't do this, it's an open invitation for pernicious
browser based trojans to install themselves anyway. We have had more
than one user call and ask what it means to have an install program that
they weren't supposed to be running fail with insufficient rights. Makes
my day every time it happens.

Dan Sichel
Ponderosa Telephone


Powered by blists - more mailing lists