|
Posted by Will on August 4, 2005, 1:31 am
Please log in for more thread options
I am noticing on both Windows 2000 and Windows 2003 servers, by monitoring
the security eventviewer log, that Windows is trying to get write extended
attributes security for every user of the system on critical system32 files.
Why, for example, would any user of the system need write extended
attributes on excel.exe?! On a protected EXE, I don't understand why
Windows wants a privilege to write extended attributes?
Because I have auditing turned on for all fail conditions on file access,
the eventviewer is flooded by these annoying messages on many DLLs and
CMD.EXE and major EXEs like Excel. I don't want to ruin the value of this
log with such irrelevant messages. I don't want to stop auditing to avoid
the problem If I give common users write extended attribute access to the
entire file system, that also seems a bit risky.
Why does Windows want any kind of write privilege on these files at all, and
is there any reason I shouldn't give write extended attribute access to the
entire file system, to common users?
--
Will
westes AT earthbroadcast.com
| 
XML Sitemap