Posted by aiwex on November 22, 2007, 4:40 am
I need a windows 2003 account, which could only run Notepad, nothing
more.
Account should be able to read and save files only from/to
one certain directory. It would be perfect that an account would see
nothing else at all, e.g. clock, start menu and so on, but this is not
necessary. Important thing is, that the user could not run any other
program, except Notepad.
Thank you for your ideas.
--
aiwex
------------------------------------------------------------------------
Posted by Sebastian G. on November 22, 2007, 12:03 pm
aiwex wrote:
> I need a windows 2003 account, which could only run Notepad, nothing
> more.
keyword: Software Restriction Policies
> Account should be able to read and save files only from/to
> one certain directory.
keyword: Access Control Lists
> It would be perfect that an account would see
> nothing else at all, e.g. clock, start menu and so on, but this is not
> necessary.
This is rather impossible. You want this account at least to be able to run
the explorer shell environment, and this already allows full read access to
every location where the user has read access, as well as all relevant
system information.
Posted by aiwex on November 22, 2007, 1:13 pm
damn :) i hoped to find some tweak software where i could tick programs
that a certain user can run :) now i see i'll have to study a lot, but at
least i know it is possible. thank you
--
aiwex
------------------------------------------------------------------------
Posted by Sebastian G. on November 22, 2007, 8:54 pm
aiwex wrote:
> damn :) i hoped to find some tweak software where i could tick programs
> that a certain user can run :)
You don't need any tweak software, the configuration of SRP is exposed via
the local security policy MMC applet.
> now i see i'll have to study a lot,
A lot? I think the concept is quite simple: SRP in whitelist mode only
allows the programs in the whitelist plus the ones in the default list to
run. This is enforced by the kernel (specifically the function
NtLoadImage()) as well as by the user shell (specifically CreateProcess(),
CreateRemoteThread() and LoadLibraryEx()). You can enforce this for
non-admin users only. Your only worries should be vulnerable trusted programs
(because then one could possibly inject arbitrary code into the process
memory, so better keep them up-to-date) and script interpreters (because
they load and run their kind of code in their very own fashion).
As for Windows 2000, there are various third-party programs which implement
something like SRP, for example PolicyMaker Application Security (free
for private use) and Winternals System Manager.
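
Added example, not part of the thread and not written by either poster: a read-only PowerShell check of the machine-wide SRP settings that the local security policy applet writes to the registry, reporting whether whitelist mode is on, whether administrators are exempt, and which path rules exist. It assumes PowerShell is installed on the server and that the policy is stored under the standard `Safer\CodeIdentifiers` policy key.

```powershell
# Added example (not from the thread): read-only audit of the machine-wide
# Software Restriction Policies settings stored in the registry.
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
if (-not (Test-Path $root)) {
    Write-Output 'No machine-wide SRP policy is configured.'
    return
}

$policy     = Get-ItemProperty -Path $root
$levelNames = @{ 0 = 'Disallowed'; 262144 = 'Unrestricted' }

# DefaultLevel 0 (Disallowed) is whitelist mode: only allowed code may run.
if ($null -eq $policy.DefaultLevel) {
    Write-Output 'DefaultLevel is not set.'
} else {
    $default = [int]$policy.DefaultLevel
    Write-Output ("Default level      : {0} ({1})" -f $default, $levelNames[$default])
    if ($default -ne 0) { Write-Output 'WARNING: policy is not in whitelist mode.' }
}

# PolicyScope 1 exempts local administrators; 0 applies the policy to everyone.
if ($null -ne $policy.PolicyScope) {
    $scope = if ([int]$policy.PolicyScope -eq 1) { 'all users except administrators' } else { 'all users' }
    Write-Output ("Applies to         : {0}" -f $scope)
}

# TransparentEnabled: 0 = no enforcement, 1 = executables only, 2 = also DLLs.
if ($null -ne $policy.TransparentEnabled) {
    Write-Output ("TransparentEnabled : {0}" -f [int]$policy.TransparentEnabled)
    if ([int]$policy.TransparentEnabled -eq 0) { Write-Output 'WARNING: enforcement is switched off.' }
}

# Path rules are stored under <level>\Paths\{GUID}; ItemData holds the path.
$rules = foreach ($level in 0, 262144) {
    $paths = Join-Path $root "$level\Paths"
    if (Test-Path $paths) {
        Get-ChildItem -Path $paths | ForEach-Object {
            $rule = Get-ItemProperty -Path $_.PSPath
            New-Object PSObject -Property @{
                Level = $levelNames[$level]
                Path  = $rule.ItemData
                Note  = $rule.Description
            }
        }
    }
}
$rules | Sort-Object Level, Path | Format-Table Level, Path, Note -AutoSize
```

Broad `Unrestricted` path rules that cover whole directories are the ones to review first, since any script interpreter inside them is allowed to run.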