Re: NT configuration caution

From: seifriedat_private
Date: Mon Apr 20 1998 - 23:45:49 PDT

Next message: David LeBlanc: "Re: NT configuration caution"

Previous message: David LeBlanc: "Re: NT configuration caution"
Maybe in reply to: George: "NT configuration caution"
Next in thread: David LeBlanc: "Re: NT configuration caution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The solution to this configuration error is to stop the rcmd service on the
> server and when you need access use the netsvc command to start it. Since
> only the admin has the permissions to stop and start services I think this
> should pretty much cure the problem. However I'd really like to hear from
> anyone who has ideas on this one.
>
> Geo.

Several possible solutions to remote UNIX style management of NT machines:

To solve the RCMD.EXE problem (and quote the MS help files):

Security is provided in two ways:

The logged-on user must have interactive logon privileges on the target
computer in order to connect to it.

Any programs executed on the target computer are executed impersonating
the logged-on user. Any access validation (such as opening files) is performed
as if the user were logged on to the local computer.

So simply tighten up permission on the server, remember by default the
group everyone can pretty much run amuck on the system, so simply remove
the group everyone's (and any other global/local groups or users that do
not need access to the files/etc) permissions from any file/programs you
deem sensitive (which should be most of them), this will keep the FP users
out of trouble. A better solution would be to create a FP users group and
simply give then no access to any sensitive areas.

After quickly looking at the installation instructions for "RSHSVC.EXE:
TCP/IP Remote Shell Service" I noticed a "Open RSHSVC.HTM now" link. The
following is from rshsvc.htm:

 Security

   Contents

   In order to set up client access to the Remote Shell service, you must
   place a .rhosts file in the %Systemroot%\System32 folder\Drivers\Etc
   folder. The .rhosts file should contain one or more entries of the
   following type, each entry appearing on one line:

   <C1> <U1> [<U2> <U3> ....]

   where:

          C1 is the name of the computer from which the RSH client can be
          run

          U1, U2, and so on, are names of users who are granted access to
          the Remote Shell service.
     _________________________________________________________________

This is from NT Server Reskit Suppliment #2, I didn't bother to check the
original or Suppliment #1, but I suspect the same applies. Using the
.rhosts properly would seem to me to cut the risk down considerably and
be a better alternative in many ways then RCMD.EXE.

-seifried

Next message: David LeBlanc: "Re: NT configuration caution"
Previous message: David LeBlanc: "Re: NT configuration caution"
Maybe in reply to: George: "NT configuration caution"
Next in thread: David LeBlanc: "Re: NT configuration caution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:50:07 PDT