The easiest way to know what should or should not be in an application for
these purposes is to read the application specification for Windows 200x,
which is here:
http://www.microsoft.com/windowsserver2003/partners/isvs/cfw.mspx.

HTH,

Laura

> -----Original Message-----
> From: Alexander Suhovey [mailto:asuhovey (at) mtu-net (dot) ru [email concealed]]
> Sent: Friday, September 12, 2003 12:36 PM
> To: 'Ansgar Wiechers'; focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: Disabling sharing and group policies
>
>
> > I still don't see why you won't remove your users from the
> > local administrators' group and spare yourself the trouble.
>
> > I haven't run into a single application that couldn't
> > be persuaded to run with reduced privileges.
>
> [Sorry if it is offtopic...]
>
> Why administrators must pesuade some applications to run with
> reduced privileges anyway? I mean, why don't software
> developers care about that in first place? Isn't that strange
> when you must have Administrator privileges to just... Scan a
> picture? Write to CD? Whatever *not-administrative* tasks...
>
> Can you please point me to some public source of information
> about common ways to make an application to run under user
> privileges if it won't? As I understand, one should run some
> filemon- regmon-like tools to monitor application and then
> make resources needed by app to be available under user
> account. Is there any otner tips you can share?
>
> Thanks,
> Al.
>
>
> > -----Original Message-----
> > From: Ansgar Wiechers [mailto:bugtraq (at) planetcobalt (dot) net [email concealed]]
> > Sent: Thursday, September 11, 2003 12:46 AM
> > To: focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: Re: Disabling sharing and group policies
> >
> >
> > On 2003-09-10 Matthew Wagenknecht wrote:
> > > I'm looking for a solution to keep honest people honest..
> I will be
> > > monitoring the network for Everyone shares. If I find any,
> > I will know
> > > that it was intentional to circumvent the Group Policy. That way I
> > > don't have to deal with "I didn't know any better".. I'm
> > not looking
> > > for a DoD implementation.
> >
> > I still don't see why you won't remove your users from the
> > local administrators' group and spare yourself the trouble.
> > Please don't give me that old "our applications require this"
> > crap. I haven't run into a single application that couldn't
> > be persuaded to run with reduced privileges.
> >
> > Regards
> > Ansgar Wiechers
> >
> > --------------------------------------------------------------
> > -------------
> > KaVaDo provides the first and only integrated Web application
> > scanner and
> > firewall security suite that prevent Web applications
> > attacks, the most
> > common form of online exploitation. Download a FREE
> > whitepaper on Security Policy Automation for Web Applications.
> > http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> > --------------------------------------------------------------
> > -------------
> >
>
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web application
> scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> --------------------------------------------------------------
> -------------
>

------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---

[ reply ]