Using RegMon it look like the values are stored into
HKLM\SECURITY\Policy\Secrets\SANSC\(Default).
-----Original Message-----
From: Tarasul, Alexander
Sent: Friday, January 24, 2003 12:36 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: At.exe Service Account - scripted or registry?
There is a trick to set "AT Service Account" to existing account , but
wrong dummy password - front end validation validate only account name.
In this case jobs scheduled with "at" - assuming attacker managed to run
at - will not be able to execute. Any idea how to do this in script or
by writing to registry to distribute through template/policy?
Thanks
Alexander
Microsoft How-to is:
Open Control Panel and double-click Scheduled Tasks.
In the Scheduled Tasks window, open the Advanced menu and then choose AT
Service Account.
Click This Account and specify a particular user and password. Click OK.
Using RegMon it look like the values are stored into
HKLM\SECURITY\Policy\Secrets\SANSC\(Default).
-----Original Message-----
From: Tarasul, Alexander
Sent: Friday, January 24, 2003 12:36 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: At.exe Service Account - scripted or registry?
There is a trick to set "AT Service Account" to existing account , but
wrong dummy password - front end validation validate only account name.
In this case jobs scheduled with "at" - assuming attacker managed to run
at - will not be able to execute. Any idea how to do this in script or
by writing to registry to distribute through template/policy?
Thanks
Alexander
Microsoft How-to is:
Open Control Panel and double-click Scheduled Tasks.
In the Scheduled Tasks window, open the Advanced menu and then choose AT
Service Account.
Click This Account and specify a particular user and password. Click OK.
[ reply ]