Security Question about GPO "fix"

  • Thread starter Thread starter David Stach
  • Start date Start date
D

David Stach

Hello all...

I have a question more about security than GPO, but I figured I'd try both
places---- I implemented (in a test environment) the following KB Fix
http://support.microsoft.com/default.aspx?kbid=821546 to allow non-admins to
run VMware v3.0 after SP4 was installed on W2k. Before I implement this
globally, I was curious as to what, if any security risks there were to
giving the \everyone group these rights. I am quite apprehensive since this
deals directly with the RPC service, and we've been having SO much fun with
that one lately....

If there are security risks, does anyone know off-hand what group is
necessary for VMWare to run? I'll do it by trial and error if needed, but I
figured I'd throw it out to you all as well.

Thanks in advance for any help...
 
Only give the necessary group/users that right. The everyone group should not be used
unless absolutely necessary in any permissions/rights [it includes guests and
anonymous]. If possible create a group to give that right, and then add the users to
that group that need it. At the very most, try using authenticated users. --- Steve
 
Thanks Steven, That's what I had intended to do. I just wanted a second
opinion if there might be a better way. I'm just Glad I found the fix to
the problem. It was definitely in a obscure place....

Thanks again!

--



David


Steven L Umbach said:
Only give the necessary group/users that right. The everyone group should not be used
unless absolutely necessary in any permissions/rights [it includes guests and
anonymous]. If possible create a group to give that right, and then add the users to
that group that need it. At the very most, try using authenticated sers. --- Steve

David Stach said:
Hello all...

I have a question more about security than GPO, but I figured I'd try both
places---- I implemented (in a test environment) the following KB Fix
http://support.microsoft.com/default.aspx?kbid=821546 to allow non-admins to
run VMware v3.0 after SP4 was installed on W2k. Before I implement this
globally, I was curious as to what, if any security risks there were to
giving the \everyone group these rights. I am quite apprehensive since this
deals directly with the RPC service, and we've been having SO much fun with
that one lately....

If there are security risks, does anyone know off-hand what group is
necessary for VMWare to run? I'll do it by trial and error if needed, but I
figured I'd throw it out to you all as well.

Thanks in advance for any help...

--
David


msn: (e-mail address removed)
 
Back
Top