Interactive vs. authenticated user? - more questions

  • Thread starter Thread starter leegold
  • Start date Start date
L

leegold

Several basic/newbie security questions. Flip/flopping from admin. to
user on my win2k pro. has generated some questions:

1. What is the difference between an interactive user vs. authenticated
user vs. just user ?

2. I see that the admin and user share and seem to have equal rights to
the same recycle bin - can this be changed?

3. It seems like a user has full access and use of the "DOS" command
prompt just like the admin. This gets complicated for me fast...if the
admin logsoff and a user immediately logs on is memory cleared? Eg.
could the user use DOS debug to cause mischief ? IS there a way to limit
what a user can do at the command line? W/ntfs an admin. say cmd.exe is
not accessible or eg. just debug.exe is a no go? Should I care?

4. Related ques. I know user can not install programs, but there's a
family of DOS type programs that one can just cut/paste of to system and
they run w/no install - are this a threat?

Thanks, Lee
 
1. Interactive user is a user who is logged on interactively to the machine, any user interactively logged on. An
Authenticated user is any user who is authenticated, this was a replacement for the everyone group. It simply means
someone who was authenticated by a trusted source. User is someone who is specifically placed in the users group of a
specific machine or domain.

2. The user shouldn't have much rights to the recycle bin unless the user is also in the admin group.

3. When a new user logs on, they get their own "cleared" memory space.

4. Depends on what you consider a threat. They can't do anything that is specifically locked down for users but some
programs like exchange try to lock things through the default GUI's and can be bypassed by other programs that allow you
to do anything the system says the permissions are for.
 
Back
Top