[263] in winnt
Re: Securing the WinNT root.
daemon@ATHENA.MIT.EDU (Paul B. Hill)
Mon Nov 16 15:53:08 1998
Date: Mon, 16 Nov 1998 15:47:33 -0500
To: ntpartners@MIT.EDU
From: "Paul B. Hill" <pbh@MIT.EDU>
In-Reply-To: <199811162027.PAA15346@SLIGO.mit.edu>
>...I've actually had more problems with application directories than with NT
>itself. An appalling number of programs keep config files in their
>application executable directories, and require user write access to the
>config files, the application directories, and in some cases even the
>application's own executables. ...
This is the major reason why I have not tried to document any
recommendations yet. Unfortunately, at the present time, the only practical
answer is that each machine must be reviewed on an individual basis because
it depends which applications or services will be running on the machine.
The NT 5.0 Logo program does try to make it clear to developers how their
applications should behave. Eventually it should be possible to secure
major directories without breaking many of the applications that are
important to the users.
Paul
