/build/static/layout/Breadcrumb_cap_w.png

Using Secedit to permission EVERYTHING

In this thread I'm going to post some examples of using Secedit to permission files and registry keys in a way that will help ensure that only the users that are supposed to modify files/keys are allowed to.

This sort of security stops worms and Denial Of Service attacks dead in their tracks.

More to come soon.

0 Comments   [ + ] Show comments

Answers (2)

Posted by: ZhuBaJie 19 years ago
Orange Belt
0
In my company they force the policies every hour thereby resetting all rights set by packages.
Using Security templates to set the rights for your package is fairly easy and you can give the Security Templates to the system managers so they can import it so your rights won't be reset.

I wrote a very detailed instruction on how to do it with the VB script and how to make a custom action of it. However, it's in Dutch so I need to find time to translate it.

Marcel
Posted by: Gekris 18 years ago
Senior Yellow Belt
0
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_secedittopnode.mspx?mfr=true

is a good place to start if your new to securty templates and secedit.

I use cmd file to call secedit and the inf created by the MMC
I also use secedit to create the smb and log files. besure to use the name name for all the files to ensure you know what template is for latter.

IE

appname_version.cmd
appname_version.inf

install the files to the securty templates folder (or use one u created for applicatin securty on the local box)
call the cmd file from a custem action in your MSI at the end of your install or u can create an exe for it with wise script or simualer tool (sms installer) and call that from your package.

u can give that inf file to your administrator if you are useing domain level application securty.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ