Authorization levels and login scripts

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Ryan Nordman (spacerobots_at_hotmail.com)
Date: 09/14/04 

Date: 13 Sep 2004 17:14:33 -0700

Note: cross-posted to microsoft.public.scripting.vbscript and
microsoft.public.windowsxp.security_admin

Hi guys,

I'm in need of some information about how the security and
impersonation of scripts works. I'm trying to create a login vbscript
that will enumerate certain types of files on the HD. The problem is
that we want it to run more often than when the computer is rebooted,
so it can't be a startup script. As a login script, the user logging
in doesn't have priveleges to see all the directories on the machine
(notably the documents & settings folders for other users), but we
want to enumerate the contents of those folders. What would you
suggest? Is there a way to use the machine account instead of the
user account when it's a login script? (from what I've read, it seems
not)

>From the reading I've done, it seems the only way really to do it is
to provide other credentials and run the script as another user. I'd
prefer not to use this option as storing the credentials of another
user with elevated priveleges in the script would be a security risk.
If this is the only way to do it, does anybody have tips on making
this option as secure as possible?

Thanks very much,
-Ryan

Relevant Pages

  • SUMMARY WAS: OT? Philosophical Question on SA responsibilities
    ... helpful for managers interested in hiring new administrators. ... Would you go thru the 14,600 messages in root and admin ... If I was a new SA I would if encountering a security hole, ... I can see some use for the passwd -s part of the crontab script, ...
    (SunManagers)
  • Re: Clarification-Win2k Netstat sockets interpretation
    ... snip.. ... Before I could manually download every security upate and servicepack from MS.com but now...they send you a bit of Cop-code that fails to run unless ALL defences are down ... Are you sure the script from ntsvcfg is benign in addition to being useful? ... You are absolutely correct there HAL, er ah, Sebastian. ...
    (alt.computer.security)
  • [NT] Flaw in Windows Script Engine Could Allow Code Execution
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Windows Script Engine provides Windows operating systems with the ... blocked by Outlook Express 6.0 and Outlook 2002 in their default ...
    (Securiteam)
  • Re: BUG with RES/SCRIPT/XP-SP2
    ... I consider JavaScript (known to security people as JavaVirus) as one of the Really Top ... to have a bad script cause damage to my machine. ... This security feature is called the "Local Machine Zone Lockdown". ... Tags, and the CDHtmlDialog class in this forum, and got no response. ...
    (microsoft.public.vc.mfc)
  • BUG with RES/SCRIPT/XP-SP2
    ... This security feature is called the "Local Machine Zone Lockdown". ... past week since I started posting problems with the RES Protocol, SCRIPT ... Tags, and the CDHtmlDialog class in this forum, and got no response. ...
    (microsoft.public.vc.mfc)