Well, what you see is about how I looked at Windows NT administration before I read the mandrill book from O'Reilly, namely Essential Windows NT System Administration by Æleen Frisch. After a number of totally useless books describing, over 1000 pages, exactly nothing but what buttons are out there, where to find 'em and why I should want to press 'em all, this book came as a gulp of cold water after a many-mile walk in a desert. Get one too!
The objective of my job is to build a robust, finely controllable and manageable environment. In other words, something I can afford to be responsible for. Achieving this goal has a lot to do with security, so everything you read here should be considered in a security context.
I don't really want to hear... I just want you to know that this is exactly the (default) case for Windows NT Terminal Server. How come C:\WTSRV\explorer.exe is world writable? When I pointed this out to another NT administrator, he wasn't surprised. What really surprised him was when I said that this definitely must be fixed. He was afraid of rendering his system unusable... How has Microsoft got that much credibility? FYI, %SystemRoot%\NOTEPAD.EXE (NT's /usr/bin/vi) is also world writable on all default NT installations I've seen so far...
Well, I don't want to hear this either... I just (again :-) want you to know that this is exactly the case for all Windows NT installations. Indeed, did you notice that anyone who can log in to your workstation can do whatever they please with the HKEY_CLASSES_ROOT hive (1)? See also the next item...
Text editor preferences (I mean which editor is to be invoked when I double-click on a .TXT file) reside in the HKEY_CLASSES_ROOT hive, which appears to be shared between all users logging on to any particular machine. As I've already mentioned above, the hive is writable. This makes it perfectly possible to plant Trojan horses. Indeed, if a bad guy is after an .XLS file he normally doesn't have access to, he simply logs on (to the Terminal Server or my workstation, depending on my work habits) and replaces Excel.Sheet.8\shell\open\command with a program of his own design that silently copies the file to a location of his choice and then invokes the real application. On my very own personal workstation I can demand and acquire ownership of HKEY_CLASSES_ROOT, but what can one do in a computer lab or on a Terminal Server? I mean besides locking the whole tree read-only and banishing some programs...
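A permissions check for the objects named above, as an added example that is not part of the original page. It assumes a current Windows host with PowerShell rather than NT 4.0; the function name Get-BroadWriteAce, the list of broad groups and the rights masks are choices of this example.

```powershell
# Added example: list ACL entries that let broad groups modify an object.
# Deny entries are not evaluated, so treat every hit as a candidate for review.
$BroadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Rights that allow replacing content or re-permissioning the object (assumed masks).
$FileWrite = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$KeyWrite  = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$Generic   = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, as seen on inherit-only ACEs

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Not found: $p"; continue }
        $acl   = Get-Acl -LiteralPath $p
        $isKey = $acl -is [System.Security.AccessControl.RegistrySecurity]
        # Ask for SIDs so localized group names do not matter.
        $aces  = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $aces) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($BroadSids -notcontains $ace.IdentityReference.Value) { continue }
            $rights = if ($isKey) { $ace.RegistryRights } else { $ace.FileSystemRights }
            $mask   = if ($isKey) { $KeyWrite } else { $FileWrite }
            if (([int]$rights -band ($mask -bor $Generic)) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $p
                Sid       = $ace.IdentityReference.Value
                Rights    = $rights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Targets are the ones the text names; missing ones are reported and skipped.
Get-BroadWriteAce -Path @(
    'C:\WTSRV\explorer.exe',
    "$env:SystemRoot\notepad.exe",
    'Registry::HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\open\command'
) | Format-Table -AutoSize
```

An empty result means none of the listed groups holds an allow entry with write-type rights on the targets that exist.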
The annoying part is that "Microsoft cannot guarantee that any problems resulting from the use of registry editor can be solved. Use tool at your own risk." And a similar warning accompanies every damn piece of advice on how to fine-tune security. Isn't it the same as "Want to go secure? We wash our hands, you are taking risks now!" First they market it as the only OS designed with security in mind, and then they just disclaim everything when it comes to action. On the other hand, if it's so damn vital and yet so fragile, why can a secretary delete the vast majority of the keys?
None of those manuals tells you to double-check access permissions on the .DLL module in question. It's world writable by default!
"... the default out-of-the-box configuration is highly relaxed, especially on the Workstation product. This is because the operating system is sold as a shrink-wrapped product with an assumption that an average customer may not want to worry about a highly restrained but secure system on their desktop." Yeah, right! People just might dream of having their systems infected and stuffed with Trojan horses, do they? Indeed, "relaxed" world writable permissions on
... when managed by competent system management personnel who are under appropriate supervision, Windows NT Server version 4.0 SP3 appears to...