Windows 2000 Security Issue

  • Thread starter Thread starter Ian Henderson
  • Start date Start date
I

Ian Henderson

Hi folks.

I work for a company that has just paid a contract programmer to do a bit of
work, integrating our telephony system with our in-house VB.NET CRM product.
The problem that we currently have is that the application that has been
written throws a loosely-coupled event, which requires to register a
transient subscription through Component Services on the local user's
machine.

The setup of the network is as follows:

Servers are all running Windows 2000 Server (not sure which service pack).
Clients are all running Windows XP Pro SP2

For obvious security reasons, we haven't given the general userbase any
administrator-level privileges. However, what we did do, purely as a test,
was create a new user that did have administrator privileges. With those
privileges in place, the user could reach the Component Services without a
problem. We then gradually reduced the granted privileges, testing all the
time, until we got to the point where the user could NOT reach Component
Services.

To cut a long story short, we currently have a bunch of users that have been
granted administrator-level access to the network, which is obviously wrong
on all manner of levels. However, we are unsure of exactly what we would
need to tweak in order for the users to have very limited privileges, but
still be able to access Component Services.

If anyone can help me with this, I'll be extremely grateful. If you can
help me, please, as well as replying to this post, send me an email to
(e-mail address removed).

TIA



Ian Henderson


Brain-Fried Systems Developer
Glasgow, Scotland and Newcastle, England.
 
Ian said:
Hi folks.

I work for a company that has just paid a contract programmer to do a
bit of work, integrating our telephony system with our in-house
VB.NET CRM product. The problem that we currently have is that the
application that has been written throws a loosely-coupled event,
which requires to register a transient subscription through Component
Services on the local user's machine.

The setup of the network is as follows:

Servers are all running Windows 2000 Server (not sure which service
pack). Clients are all running Windows XP Pro SP2

For obvious security reasons, we haven't given the general userbase
any administrator-level privileges. However, what we did do, purely
as a test, was create a new user that did have administrator
privileges. With those privileges in place, the user could reach the
Component Services without a problem. We then gradually reduced the
granted privileges, testing all the time, until we got to the point
where the user could NOT reach Component Services.

To cut a long story short, we currently have a bunch of users that
have been granted administrator-level access to the network, which is
obviously wrong on all manner of levels. However, we are unsure of
exactly what we would need to tweak in order for the users to have
very limited privileges, but still be able to access Component
Services.

If anyone can help me with this, I'll be extremely grateful. If you
can help me, please, as well as replying to this post, send me an
email to ihenderson@________

TIA



Ian Henderson
Click to expand...
Brain-Fried Systems Developer
Glasgow, Scotland and Newcastle, England.
Click to expand...

Frankly, if it were me, I'd insist that the developer fix his product so it
runs properly for user accounts. There's really no excuse for this. And yes,
you're absolutely right - user accounts should have no admin rights at all -
this is bad practice.

That said, you might want to check out FileMon and RegMon from
www.sysinternals.com

Sorry, no email replies. And note that you're doing yourself and everyone a
disservice by posting an "unmunged" email address in your post - it can and
likely will lead to viruses and spam. Check out
http://www.mailmsg.com/SPAM_munging.htm for help in the future....
 
Back
Top