  1. INTJ wedge1988's Avatar
    Join Date
    Jan 2007
    Location
    UK
    Posts
    435
    #26
    WanBoy67, I have the .man roaming profile on a share. Just because it's a .man doesn't mean that it's a local profile. In fact, mandatory profiles are not local profiles; mandatory means the profile cannot be changed when a user logs off. I doubt it's the profile anyway, since the start menu has been redirected. (Not in the profile)

    Dynamik, I don't see the point in spending £5000 on licences just to stop users double clicking the folders. I won't disable double clicking, that would render most things useless, wouldn't you agree?

    It is rather a stupid thing, and I'm still surprised there isn't a solution to the issue. It's the first time I have to say that I'm disappointed with XP.

    btw, how do you manage your start menus? See if they have security flaws like this.

  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #27
    Originally Posted by wedge1988:
    Dynamik, I don't see the point in spending £5000 on licences just to stop users double clicking the folders.
    Who said high security was cheap?

    Originally Posted by wedge1988:
    I won't disable double clicking, that would render most things useless, wouldn't you agree?
    There's always a trade-off between security and functionality. The question is: how far are you willing to go?

    Originally Posted by wedge1988:
    btw, how do you manage your start menus? See if they have security flaws like this.
    As I alluded to earlier; I simply don't care. I'm not saying you're wrong for looking into this, but I personally don't see this as a legitimate threat. Everything is locked down with appropriate NTFS permissions, and I'm not worried if a user somehow learns of the existence of a share he or she doesn't have access to. Plus, there are many tools* out there that will provide a wealth of information to someone who knows how to use them. I'd be more concerned with thwarting those. If you're really dealing with highly sensitive information, you'd be better off doing something like moving that to a different file server and using IPSec to limit access to it.

    *Check out Hacking Exposed, Hacking Exposed: Windows, any of the CEH books, The Open-Source Penetration Tester's Toolkit, etc.

  4. Nidhoggr, the Net Serpent Claymoore's Avatar
    Join Date
    Nov 2007
    Location
    FL
    Posts
    1,622

    Certifications
    AWS Architect, MCSEx3, MCITPx6, MCTSx17
    #28
    Wedge, I think you're tilting at windmills here. If your file and folder permissions are correct, who (else) cares if the users can view the contents of the start menu? You are welcome to play around with the Traverse Folder/Execute File and List Folder/Read Data advanced file rights and the Bypass Traverse Checking privilege but I think you are going to find that it just doesn't work the way you want it to.

    File and Folder Permissions

    Anytime you work with file and folder permissions, you should keep the following in mind:
    • Read is the only permission needed to run scripts. Execute permission doesn't matter.
    • Read access is required to access a shortcut and its target.
    Table 13-3 File and Folder Permissions Used by Windows 2000

    | Permission | Meaning for Folders | Meaning for Files |
    |---|---|---|
    | Read | Permits viewing and listing of files and subfolders | Permits viewing or accessing of the file's contents |
    | Write | Permits adding of files and subfolders | Permits writing to a file |
    | Read & Execute | Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and folders | Permits viewing and accessing of the file's contents as well as executing of the file |
    | List Folder Contents | Permits viewing and listing of files and subfolders as well as executing of files; inherited by folders only | |
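
An added example, not written by any poster in this thread: a PowerShell audit of the redirected Start Menu share that reports every Allow ACE giving a principal outside a trusted list any write, delete or permission-changing right, which is the condition the replies above say matters more than whether users can browse the folders. The share path and the trusted-principal list are assumptions to replace with your own.

```powershell
# Added example (not from the thread): find ACEs on a redirected Start Menu
# share that let non-administrative principals alter its contents.
param(
    # Hypothetical UNC path; replace with the share your policy redirects to.
    [string]$Root = '\\fileserver\StartMenu$'
)

# Assumption: only these principals should hold write access.
$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

# Specific rights that allow changing files, folders or their ACLs.
$names = 'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, ' +
         'Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]$names

# Some ACEs carry unmapped generic rights instead of specific ones:
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000).
$GenericMask = 0x10000000 -bor 0x40000000

# Check the share root itself and everything beneath it, hidden items included.
$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.Access) {
        # Deny entries and trusted principals are not findings.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Trusted -contains $ace.IdentityReference.Value) { continue }

        $bits = [int]$ace.FileSystemRights
        if (($bits -band $WriteMask) -or ($bits -band $GenericMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Explicit (non-inherited) entries are listed first: they are the ones
# somebody set by hand on an individual folder or shortcut.
$findings | Sort-Object Inherited, Path, Principal | Format-Table -AutoSize -Wrap
```

An empty result means ordinary users hold at most read and execute rights on the tree; any row with a user or group principal identifies where a shortcut could be added or replaced.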

  5. Senior Member
    Join Date
    Dec 2004
    Location
    Connecticut
    Posts
    423

    Certifications
    MCITP:EA,CCNA,Most CompTia +'s
    #29
    If it is really something that MUST be taken care of and you have been looking for a solution for over 2 years, you could always just put in a premier support issue with Microsoft. I'm sure that is cheaper than upgrading.

  6. INTJ wedge1988's Avatar
    Join Date
    Jan 2007
    Location
    UK
    Posts
    435
    #30
    Ok guys, I think I'll leave it there. Thanks for all of your help, as always it's invaluable. I'm willing to help others here when it's back scratching time

    I'll look into the premier support thing too, that's interesting...
