Ghost 2003 (or earlier) Security Issue
Posted on 2004-09-19
We're running Ghost 2003 right now for wide-deployment and backup of workstations. We are having a concern with regard to the Ghost files used in the Virtual Partition setup.
We understand that Ghost changes boot process to where the PC boots from Ghost's Virtual Partition. This means that it sets that "partition" as active. (As noted in the Recovery process from Symantec's website). However when the ghost client service powers down the machine, when does it change the system setup for the partitions and active settings? Does it happen before Power-down, affecting BOOT.INI, does it change the MBR or something? It apparently causes the machine to treat the VD folder as a partition in some way.
We understand that it is the Ghost Service Account that can add a machine to the domain, and it appears that the symantec ghost client uses the SYSTEM account to manipulate the machine's boot process. Is this correct? What level of security on Win2000 and WinXP does this service account NEED to have in order to work?
Thanks to all. This might take some clarification!