Re: Modified registry keys, can't restore permissions

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Fred Ma (fma_at_doe.carleton.ca)
Date: 07/06/04 

Date: Tue, 06 Jul 2004 00:16:59 -0400

Gary Smith wrote:
>
> I believe that the real problem is that support staff are highly variable
> in their level of knowledge and they do not get good training. Whether
> you get good advice or bad is pretty much a matter of chance. It all
> depends on who answers when you get the call. This problem is not
> exclusive to HP of course; it's widespread among both hardware and
> software vendors.

The person who poo-poo'd the security concern knew exactly what the
registry change did (allowed all users to access those registries). I
was pretty clear about my worries, that it would let nonadmin accounts
install programs. He didn't say he didn't know. He said it doesn't
make any difference. I repeated my concern several times. He repeated
his answer several times. The reason I repeated it several times was
because I found his dismissal of the security concern very hard to
believe. Very assured dismissal, very condescending, and somewhat
impatient. It was not hesitant or unsure. In the end, I thought that
no one could be *that* confident and be lying or not know. I guess my
point is that that it cannot be attributed to ignorance, which is how
I interpret your mention of potentially low knowledge level or bad
training (and I do agree that they vary). It is more an ethical issue.
Not of the individual, probably, as the dubious procedure is probably
given as a matter of practice. The individual is, however, complacent
even though the consequences are very clear (at least in my case, I
made it very clear). This is likely to happen when such an approach
is approved from greater powers than front line support staff, either
implicitly or explicitly.

Fred 

-- 
Fred Ma
Dept. of Electronics, Carleton University
Ottawa, Ontario, Canada

Relevant Pages

  • Re: Variable argument function as a parameter of a variable argument function
    ... implies that you don't know. ... It's quite common for people to ask the wrong question; ... the real problem was. ... legitimate - but almost any code that poses security issues can be ...
    (comp.lang.c)
  • Re: IE6 SP2 hangs when accessing address bar
    ... Correction- they're not my support staff;-) MVPS are ... IE6 on Windows XP? ... Preferred solutionThey preserve the security enhancement provided by ... Close Registry Editor ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Group limits and permissions
    ... > that customer all to the same group. ... > provides a reasonable amount of security by limiting any given user from ... > We then add computer room operator accounts to each customer's group in ... > operators (and programmers, and support staff, etc.) It also causes some ...
    (comp.unix.aix)
  • Re: Seeking Encryption Software Referals
    ... Windows 9x was never intended to be even a little secure. ... I assure you I am quite familiar with the security of various ... NTFS uses DES for encryption and I am not ... >going to delay your recognition of the real problem. ...
    (comp.security.misc)
  • Re: Seeking Encryption Software Referals
    ... Windows 9x was never intended to be even a little secure. ... I assure you I am quite familiar with the security of various ... NTFS uses DES for encryption and I am not ... >going to delay your recognition of the real problem. ...
    (sci.crypt)