David LeBlanc <dleblancat_private> writes: > At 12:25 AM 10/2/99 -0500, .rain.forest.puppy. wrote: > >the following > >registry key holds the program to execute as a debugger: > > >\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion > > \AeDebug\Debugger > [...] > > >This means any keys under it, including AeDebug, are > >accessible remotely, providing the right ACLs on the keys allow so. Well, > >just so happens that Everyone has Special Access to Debugger and Auto > >under AeDebug. Included in this Special Access is the permission to Set > >Value. > > Nope. This is NOT default. There is some strange condition involving > upgrades from specific versions of NT. My own workstation had allowed > users to write to this key, and it freaked me out and I thought it was a > big problem. Several other people checked their machines and found that it > wasn't, including some clean installs. I don't know exactly what the ins > and outs are in terms of what machines will show up with this, and which > ones won't, but you won't find it on all of them. > I'm pretty sure r.f.p. is correct about the default. It does allow Everyone to set values. I think I remember the thread you're talking about, and the key which you weren't sure about was ...\CurrentVersion\Image File Execution Options. The betas of NT4 had more permissive ACLs on that key than the official release. AeDebug, OTOH, does by default give Everyone the SpecialAccess r.f.p. mentioned, on all version, although I think it's fixed in the NT5 betas. Todd
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:45 PDT