Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set

Hi Ben,

Appologies to the list for the plug but we have a solution for this and
pretty much all other issues related to tasks and processes run by
'non-admins'. Our goal in this solution is to help organizations fully
implement a 'Least Privileged' environment while allowing approved
tasks/applications to run without incident, in the security context of
the end user. We never give the end user elevated privileges we only
provide those privileges to the individual process launched by the end
user.

You may want to check it out to see what you think. The Product is
called PolicyMaker Application Security and is fully integrated into
Group Policy so the management of the environment is simple. If you
want more details you can contact me offline and I can tell you about
it. We have many customers that are using it for defrag along with the
infinite other problematic applications/processes that require
elevation.

http://www.desktopstandard.com/PolicyMakerApplicationSecurity.aspx

By the way, congrats on moving to a 'Least Privileged' environment.
Even with the issues such as the one you have encountered, this is a
great practice and is a huge step in increasing security on your
network.

Kevin Sullivan
Director of Product Management
DesktopStandard

ksullivan@xxxxxxxxxxxxxxxxxxx
http://www.desktopstandard.com

.

Relevant Pages

  • Re: APACHE$PRIVILEDGED
    ... The primary security on OpenVMS and on most other multi-processing operating systems is implemented via the memory management system and via what VAX calls the change-mode routines, via the Alpha SRM PALcode change-mode equivalent, or via what the IA-32 and IA-32e architectures refer to as the call gate. ... With OpenVMS constructs including device drivers )and user-written system services (UWSS; also known as privileged shareable images), these constructs operate in inner processor modes. ... One of the more hazardous situations for system security is a mixed environment; where there are resources shared between trusted and untrusted environments. ... Not only will the operation that requires privileges now be permitted, but other and potentially unintended operations can also be permitted. ...
    (comp.os.vms)
  • Its not personal (Was: Re: APACHE$PRIVILEDGED)
    ... As it is a very useful example of UWSS ... Some background on security and privileged application code... ... With OpenVMS constructs including device drivers (or drivers an ... environment -- most anything. ...
    (comp.os.vms)
  • [UNIX] Bugzilla Multiple Vulnerabilities (SQL Injections, Privileges Escalation, Information Leak)
    ... Get your security news from a reliable source. ... user may retain privileges that should have been removed, ... Reference: ... secure bug, you can access the summary of that bug even if you do not have ...
    (Securiteam)
  • Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1
    ... OpenVMS provides an inherent security advantage over all the other ... advantage of OpenVMS brings it much closer to such a goal than any OS ... attaining higher mode privileges or services for which a process was ... currently used University-level texts on OS Design. ...
    (comp.os.vms)
  • RE: IDSIPS that can handle one Gig
    ... the need for IPS ... I hear this every now and then from security people, ... I have yet to see an environment (and I am a consultant so I see ... single Microsoft Windows patch. ...
    (Focus-IDS)