A Few Questions
 Michal Bucko (sapheal) <sapheal hack pl> |
Wednesday, March 7 2007 18:17.01 CST |
This entry is not an in-depth security analysis. It is just asking questions.
Being logged in as Administrator does not mean You have Administrator rights. This can be changed using gpEdit.msc tool - we have to open security options and disable: UAC - Run all users including Administrators as standard users.
We should also set UAC: Behavior of the elevation prompt - No prompt. Ok, but are all the important applications blocked from being accessed using standard users privileges? (for example: "at" command is blocked).
I guess, not all the important facilities are blocked. We are granted access to cmdkey, we can list available stored credentials without being asked to become Administrator, we can also delete RAS credentials or delete all existing credentials. LSM (Local Session Manager Service) simply crashes when it is invoked. Is this really what was meant to be? I could say three times more examples of this.
Comments
| Posted: Wednesday, December 31 1969 18:00.00 CST | |