Paul Schmehl wrote in news:[EMAIL PROTECTED]
> This is incorrect. The privilege exists *and* functions on the
> Workstation operating systems Win2000 SP4 *and* WinXP. I have verified
> this through testing.

Yes, there's nothing new about impersonation, it's been there all the way back to NT.

> I've already been there and read the page - several times. I understand
> *in general* what an impersonation privilege is. I need to know
> *specifically* what "server's clients" can be impersonated when this
> privilege is applied to an account. So far, I've found nothing on the web
> that even attempts to address that issue.
>
> Unfortunately, it has not. Again, I understand *in general* what
> impersonation is, how it works and what it can mean in terms of security.
>
> I am looking *specifically* for what a user who has the privilege
> Impersonate a client after authentication has the right to do. Does it
> mean that *anything* that user runs runs under his/her privileges? Does
> it mean only *local* processes are affected? Does it mean a hacker can
> access the machine remotely and run under the user's privileges?
>
> IOW, if I have a domain account named "Joe", and I grant "Joe" this
> privilege, what is placed at risk? The local machine he's logged in to?
> The entire domain? Only certain services? Saying it's a high risk (like
> ISS does) and then not defining *precisely* what the risks are is not
> helpful.
>
> And all I was really asking for is pointers to any white papers or
> conference presentations that even attempt to illuminate this issue.
>
> It's looking like there are none.

The info is out there, but it's scattered across a combination of MSDN, WDJ, OSR and similar sources. I started writing a full explanation yesterday when you posted this. I'll try and finish it off when I get home from work this evening.

cheers,
DaveK
--
Can't think of a witty .sigline today....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/