BetaONE will rise again!


Reply
  #1  
Old 3rd Aug 06, 08:12 AM
~*McoreD*~'s Avatar
~*McoreD*~ ~*McoreD*~ is offline
Super Moderator
 
Join Date: Jul 2002
Location: Australia
Posts: 2,902
~*McoreD*~ is an unknown quantity at this point
The Power in Power Users
Placing Windows user accounts in the Power Users security group is a common approach IT organizations take to get users into a least-privilege environment while avoiding the many pains of truly running as a limited user. The Power Users group is able to install software, manage power and time-zone settings, and install ActiveX controls, actions that limited Users are denied.

What many administrators fail to realize, however, is that this power comes at the price of true limited-user security. Many articles, including this Microsoft Knowledge Base article and this blog post by Microsoft security specialist Jesper Johansen, point out that a user that belongs to the Power Users group can easily elevate themselves to fully-privileged administrators, but I was unable to find a detailed description of the elevation mechanisms they refer to. I therefore decided to investigate.

Before I could start the investigation, I had to define the problem. In the absence of a security flaw such as a buffer overflow privilege escalation is possible only if an account can configure arbitrary code to execute in the context of a more-privileged account. The default accounts that have more privilege than Power Users include Administrators and the Local System account, in which several Windows service processes run. Thus, if a Power Users member can modify a file executed by one of these accounts, configure one of their executables to load an arbitrary DLL, or add an executable auto-start to these accounts, they can obtain full administrative privileges.

My first step was to see what files and directories to which the Power Users group has write access, but that limited users do not. The systems I considered were stock Windows 2000 Professional SP4, Windows XP SP2, and Windows Vista. I'm not going to bother looking at server systems because the most common Power Users scenario is on a workstation.

http://www.sysinternals.com/blog/200...wer-users.html

Some really good info on why Limited User is safer than Power User.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why M$ won't give XBox360 power numbers Alpine BetaONE News 0 23rd Nov 05 11:42 PM
Desktop computer issues... Cyberion Hardware Support 4 19th Sep 05 07:59 AM
XBOX Power Cords Not Making A Difference? NewsBot ieXbeta News 3 20th Mar 05 09:09 PM
IE URL Spoofing Bug; SP2 Users Not Affected NewsBot NeoWin News 0 31st Oct 04 12:00 AM
Speed up system. greasemonkey Hardware Support 6 6th Nov 01 08:32 PM


All times are GMT +1. The time now is 02:26 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.