With regards to the below, how do you restrict access to administrator
only?
"John R
Ellingsworth" To: "Curious George"
<[EMAIL PROTECTED]>,
<[EMAIL PROTECTED] <[EMAIL PROTECTED]>
upenn.edu> cc:
Subject: Re: Restricting cmd.exe
access
03/13/2002 03:48 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Do it. Restrict access to Administrator only.
I do it (am doing it right now) - no known problems.
Test it out on a dev machine first if you have concerns.
Thanks,
John Ellingsworth
Project Leader
Virtual Curriculum
- ----- Original Message -----
From: "Curious George" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 12, 2002 12:59 PM
Subject: Restricting cmd.exe access
>
>
> This is a slight off shoot of the scary site post. What
> are the potential ramifications of restricting "system"
> access to cmd.exe? My thought is with all the MS
> exploits that are gaining access via some service
> running in the system context, this would be a great
> way to mitigate the potential impact. Thoughts?
>
> I am also thinking, ok this is going to inhibit using the
> scheduler service under the system account to run
> local batches, as well as any stored procedure in
> SQL that accesses the command shell, but services
> could be run in another context and still have access
> to the command shell...
>
> Am I way off with this? Will this break something that I
> am just not seeing?
>
> TIA
Curious.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBPI+7LQbexkNIm1OFEQJvAgCgrVNKa5ifP3fCF2j4WhPksOi3+osAn2Tm
bvJa+z2tVw1xiQmGgKWQEs26
=AWRF
-----END PGP SIGNATURE-----
