Re: What Would Deactivate Hosts File?



In my default install of Windows 2003 server the permissions on the
hosts file are

Administrators: Full Control
System: Full Control
Server Operators: everything short of Full Control
Authenticated Users: Read & Execute and Read
The file is owned by the administrators group.

Joe


Will wrote:
I solved this problem, and I'll post how for posterity, but I would be
interested in anyone's theories about why this works. It almost looks like
a bug or misfeature to me.

We had modified the default ACL on c:\windows\system32\drivers\etc to
exclude the Users group. If you give Users read and execute access, and
then reboot (it will not work until you reboot), then hosts mysteriously
starts working. Note that before and after the reboot I am logged in as
local administrator. And the folder always had Full Control access for
Administrators and SYSTEM, so it cannot be the case that giving Users access
suddenly gave applications in my user context access, since they must have
had read access to HOSTS before the ACL change.

What surprises me about this is that I would have thought HOSTS was
implemented in the driver or somewhere in the kernel, not in each individual
user application. If that is the case, then why would read access to the
Users group affect this feature, which should be implemented by a SYSTEM
entity? It's almost like the code that runs at SYSTEM level did an ACL
check, and after it saw that Users did not have access, it bypassed the
feature. That seems like wrong behavior.

Note that the local Users group did NOT have Authenticated Users in it, just
Domain Users.

--
Will


"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:R6ydnZBeY6ceVQDYnZ2dnUVZ_oipnZ2d@xxxxxxxxxxxxxxx
On one of our Windows 2003 servers, the HOSTS file is not active. No
changes made to the c:\windows\system32\drivers\etc\hosts file are ever
active, even after a reboot. Is there some registry setting or group
policy that would be deactivating that feature?

--
Will


