Go Back   Wireless and Wifi Forums > News > Newsgroups > alt.computer.security
Register FAQ Forum Rules Members List Calendar Search Today's Posts Advertise Mark Forums Read

 
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-22-2007, 09:40 AM
aiwex
Guest
 
Posts: n/a
Default how to create limited windows account?


I need a windows 2003 account, which could only run Notepad, nothing
more. Account should be able to read and save files only from/to only
one certaint directory. It would be perfect that an account would see
nothing else at all, e.g. clock, start menu and so on, but this is not
necessary. Important thing is, that the user could not run any other
program, except Notepad.

Thank you for your ideas.


--
aiwex
------------------------------------------------------------------------
aiwex's Profile: http://forums.techarena.in/member.php?userid=35659
View this thread: http://forums.techarena.in/showthread.php?t=857569

http://forums.techarena.in


Reply With Quote
  #2 (permalink)  
Old 11-22-2007, 05:03 PM
Sebastian G.
Guest
 
Posts: n/a
Default Re: how to create limited windows account?

aiwex wrote:

> I need a windows 2003 account, which could only run Notepad, nothing
> more.



keyword: Software Restriction Policies

> Account should be able to read and save files only from/to only


> one certaint directory.



keyword: Access Control Lists

> It would be perfect that an account would see


> nothing else at all, e.g. clock, start menu and so on, but this is not
> necessary.



This is rather impossible. You want this account at least to be able to run
the explorer shell environment, and this already allows full read access to
every location where the user has read access, as well as all relevant
system information.

Reply With Quote
  #3 (permalink)  
Old 11-22-2007, 06:13 PM
aiwex
Guest
 
Posts: n/a
Default Re: how to create limited windows account?


damn :) i hoped to find some tweak sowtware where i could tick programs,
that certain user can run :) now i see i'll have to study a lot, but at
least i know it is possible. thank you


--
aiwex
------------------------------------------------------------------------
aiwex's Profile: http://forums.techarena.in/member.php?userid=35659
View this thread: http://forums.techarena.in/showthread.php?t=857569

http://forums.techarena.in


Reply With Quote
  #4 (permalink)  
Old 11-23-2007, 01:54 AM
Sebastian G.
Guest
 
Posts: n/a
Default Re: how to create limited windows account?

aiwex wrote:

> damn :) i hoped to find some tweak sowtware where i could tick programs,
> that certain user can run :)



You don't need any tweak software, the configuration of SRP is exposed via
the local security policy MMC applet.

> now i see i'll have to study a lot,



A lot? I think the concept is quite simple: SRP is whitelist mode only
allows the programs in the whitelist plus the ones in the default list to
run. This is enforced by the kernel (specifically the function
NtLoadImage()) as well as by the user shell (specifically CreateProcess(),
CreateRemoteThread() and LoadLibraryEx()). You can enforce this to only
non-admin users. Your only worries should be vulnerable trusted programs
(because then one could possibly inject arbitrary code into the process
memory, so better keep them up-to-date) and script interpreters (because
they load and run their kind of code in their very own fashion).

As for Windows 2000, there are various third-party programs which implement
something like SRP, as for example PolicyMaker Application Security (free
for private use) and Winternals System Manager.

Reply With Quote
Reply


« Re: Extending Wireless Range | Re: schestowitz.com and boycottnovel.com are TROJAN BACKDOOR SITES!! AVOID!! »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
merge two hard drives using partition magic 8? aaronep@pacbell.net alt.comp.hardware 18 07-13-2007 07:30 PM
DOS Attack & High load Piero comp.security.misc 0 06-29-2007 10:58 AM
Why do I need a software firewall? om.newsgroup@gmail.com comp.security.misc 60 10-15-2005 02:10 AM


All times are GMT. The time now is 12:06 AM.



Powered by vBulletin® Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 PL2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45