[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WinXP registry security



I have a question re: windows xp registry security best practices.

For background we're running:
1. samba-ldap backend
2. everyone runs with user or power user rights as needed by their job's 
software requirements
3. OpenOffice installed on all PC's, MS Office installed only where 
required for 3rd party compatibility

Here's the scenario:

At the request of one of our departments I've installed some trial 
software on one of our PC's running WinXP fully patched.  It is a 
stand-alone application which never accesses network resources except 
for printing and package updates.

The software required the installation of a Microsoft Access 2000 
runtime and the .net framework as well.

The most disturbing aspect of this process was that I had to give this 
individual 'Full Control' permissions on the software's keys in the 
registry which are actually in HK_LOCAL_MACHINE\SOFTWARE\...

This is not the way I was raised.  I thought that non-admin windows 
users should never have access to anything outside HKLM\CURRENT_USER .

Any comments?  Can anyone cite security papers on the topic?

Thanks,

Dan Fleischer

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.