[rescue] Fair Warning RPC Worm
Kevin
kevin at mpcf.com
Thu Aug 14 08:16:41 CDT 2003
That's what local admin group is, the admin account for
*that* box.
We've done that here (put the user's domain account
into the local admin group) but i'm considering
changing that policy. I'd rather have the users in
"kiosk mode". I have to install all their software
anyway, may as well remove that ability from their
account. As it is, they are getting all kinds of shit
installed like Comet Cursor and Gator. If they lacked
the ability to write to the registry then i wouldn't
have to deal with that crap. Pus, they couldn't
install AOL, RealPlayer, any silly clock bullshit or
that f**king waving flag thing or the blinking
Christmas lights or..........
/KRM
On Thu, 14 Aug 2003 04:55:49 -0500
Roger Walkup <rwalkup at cheqnet.net> wrote:
> On Tuesday, August 12, 2003, at 12:42 PM, Kevin
> wrote:
> > <snip>
> > Does anyone know if this worm would affect machines
> > that are being used by users lacking administrative
> > privileges? Not having your users in the local
> > admin group helps with some viri but i'm not so
> > sure about this one.
> >
> > <snip>
> That depends what you mean; it's common practice at
> my university to make the primary user of a W2000 box
> a member of the admin group for that box, but not the
> domain. We had plenty of boxes hacked. It pushed us
> into installing our firewall earlier than originally
> planned.
>
> Roger
More information about the rescue
mailing list