Hey, I’m using Windows XP Pro right now and I am the administrator. I have found a flaw in the windows security, or at least I think it is a flaw. This only affects you if you have power user accounts on your machines. The Security flaw lies in
C:\Documents and Settings\All Users\Start Menu\Programs\Startup (or something like that, I’m at a Win98 machine)
This folder is vulnerable because power users can create files here. By default, assuming an NTFS file system, only administrators are able to get into other administrators profiles. This is a loophole to that security, but not anymore after you read this.
For this folder, power users have modify ability. Change the permissions to the following
Administrators ---- Full Control
Everyone ---- Read & Execute
Make sure that only Administrators and Everyone appear on the list, remove everything else. ie. SYSTEM, CREATOR OWNER, Power Users, etc.
The reason for my concern is that a power user could create an executable program and drop it into the startup folder indicated above. When an administrator logs on, this program could add that power user to the administrators group, giving them complete and unrestricted control over that machine.
All a power user would have to do is create a BAT file, or an EXE if they know how to program. A BAT file could contain the following lines:
net localgroup administrators USERNAME /add
This gives that user administrator privileges. If that was programmed into an EXE file, the administrator could log on and not even know what happened until it is too late. So for all you administrators who are concerned about security, change the permissions on that folder. Also, the power user could make it so that they can remove the administrator from the administrator’s group and make them a limited user.
Just thought I would let you know, good luck!