|
Posted by Roger Abell on July 13, 2005, 6:23 pm
Please log in for more thread options > I can't see that items.
> That directory (or files?) with the random name doesn't even seem to
exists,
> or at least i'm not able to see them, so i can't see the protection
> settings.
>
It could be that the failure message is because of "file not found" ??
> The "Users" group has read only access to WINNT directory.
>
> Why is the protection event talks about READ/SYNCRONIZE deny, if the Users
> ( and then the ASPNET account too) has read grants on the WINNT directory?
>
That is why I first asked about explicit as compared to inherited grants.
Users Read allows just these. That it is a minimal request being made
and one within the inherited grants, makes it sound like something is
looking for a file in the wrong place (?)
> I don't think the programmers are creating a file in it, i talked with
them
> and nobody has written code to create a file/directory in C:\WINNT, or at
> least we don't know if Crystal Report tryes to.
I can't help you there, but it is good you have that info from the devs.
>
> thanks for the help,
> Marco
>
>
> > Well, they should not be able to write to c:\winnt at all !!
> > When you look at one of these in c:\winnt are the NTFS permissions
> > on it all inherited or are some or all explicit ? i.e. gray or white
> > boxes?
> >
> > That dir name makes it sound like this was upgrade to W2k from NT4,
> > which would leave c:\winnt permissioned loose.
> > I would be the villan and first notify my web authors that use
> > crystal that c:\winnt will be altered and there apps will fail
> > if they do not use the temp environment var to locate their
> > file usage correctly, and I would set an implementation date
> > and hold to it. When that date comes you will find out who
> > is responsible. The alternative, of trying to loosening c:\winnt
> > permissions, if it is not an explicitly set permissions issue, so
> > that inherited permissions are sufficient is not an attractive
> > way to go.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> >> The ASPNET account has R/W access to
> >> "C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files"
and
> >> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files"
( no
> >> FULL CONTROL, only Modify+Read+Write, it's ok? ).
> >>
> >> The aspnet_wp process is running under the ASPNET account.
> >>
> >> The aspnet_wp process i using 195MB of memory, with a peak of 312MB.
> >> With a process viewer i can see it has abount 22 threads (nearly all of
> > them
> >> regarding mscorsvr.dll).
> >>
> >> Marco.
> >>
> >> > This sounds a lot like an attempt to get at the Temporary ASP.NET
Pages
> >> > cache directory. Are you running the ASP.NET worker process as a
> > different
> >> > account that perhaps doesn't have access to the proper directories?
> >> >
> >> > -- Sean M, who admittedly is not fond of changing the identity of the
> >> > worker
> >> > process
> >> >
> >> > message
> >> >> i forgot to say, the name KOSW047BFJNQUY26 changes every time.
> >> >>
> >> >> i still don't know who try to create that directory/file and when.
> >> >> i didn't write the applications by myself, i only know that thy use
> >> > Crystal
> >> >> Reports, they're written in .NET 2002 and they use a component to
draw
> >> >> charts, dunno if it is that particular component that tryes to write
> > the
> >> >> directory/file. at least, the programmer said me that he doesn't
> >> > explicitly
> >> >> create it.
> >> >>
> >> >> how can i see if it is being created with explicit permission or
other
> >> > grant
> >> >> ? i can't even find that directory.
> >> >>
> >> >> thank you,
> >> >> Marco
> >> >>
> >> >>
> >> >>
> >> >> > Marco,
> >> >> >
> >> >> > C:\WINNT\KOSW047BFJNQUY26 appears to be some temporary
> >> >> > directory ?? Is it being created with explicit permissions that
> >> >> > will
> >> >> > exclude Users or other grant that includes Dir List for AspNet ?
> >> >> >
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
| 
XML Sitemap