Solved

Terminal Server Security issue

Posted on 2004-10-21
Last Modified: 2013-11-21
I have installed a Windows terminal 2003 server; I need the users to have the ability to write/edit the registry (so the application will work properly) - they are not supposed to edit it manually!!! Or to have administrative rights on the server.

Right now I'm kind of bypassing this problem with "Quick Menu Builder" and the environment option in the Active Directory.

Anyone?
Question by:siltech
10 Comments
 
LVL 1

Expert Comment

by:Ali_Jas
ID: 12378376
This looks like an operating issue to me. You'd better ask the question there, because more experts will be able to help you.
0
 
LVL 1

Expert Comment

by:Ali_Jas
ID: 12378379
errr.. operating system issue... not operating issue :S
0
 

Author Comment

by:siltech
ID: 12378519
It's about Group Policy.
0

 
LVL 1

Expert Comment

by:Ali_Jas
ID: 12378596
Group policy is also OS related, not networking.

Networking here is by means of routers, cabling and so on.
I should just delete the question here and move it to the OS section.
0
 
LVL 3

Expert Comment

by:MBarber1957
ID: 12379183
A quick way would be to add them to a group on the server, then make that group a member of the LocalAdmin / Administrators group on the local box. That's if you trust them with such authority. This would give them full control of the local machine (not the same as a network administrator).
0
 
LVL 8

Accepted Solution

by:
RLGSC earned 750 total points
ID: 12380163
Siltech,

When you say "modify the registry", I presume that you mean the entire contents of the registry, not User-specific information.

If they have the right to modify the registry, then they can modify the registry -- period.

Certainly unintentionally, the rights and privileges to manipulate the registry create the potential to compromise the integrity of the system. The most common example of this is the dangers of adware/spyware.

I would suggest a thorough review of the application to determine what, exactly, are its needs and requirements. The answer from the developers that "we just need to manipulate the registry" is a poor answer. Once you allow manipulation of the registry, the integrity of the system is destroyed.

I hope that the above is helpful.

- Bob (aka RLGSC)
0
 

Author Comment

by:siltech
ID: 12380186
That's exactly the problem: I can't trust them and I can't let them act as administrators or change the administrative rights.

I want them to be standard users with the ability to write to the registry, without the Run command, access to the Control Panel, etc.
0
 

Author Comment

by:siltech
ID: 12380262
Maybe I just duplicate the administrator to a different user and lock some icons for this user with "power toy".
What do you think about this?
0
 
LVL 8

Expert Comment

by:RLGSC
ID: 12380305
Siltech,

What you are asking for is a contradiction.

If they have the rights to modify the registry, then they can compromise the system -- period. It does not matter whether it is deliberate (e.g., using REGEDIT) or accidental (e.g., spyware, adware, ActiveX).

What needs to be examined very carefully is what the application is doing that requires registry access, and whether it is operating in an appropriate manner. I have done these reviews on a variety of platforms, and it is often amazing what the justifications for administrative rights are, and how unneeded they are (on a different platform, I just taught a 4 hour seminar on how to delegate management rights over specific applications WITHOUT granting overall administrative rights).

I hope that this information is helpful.

- Bob (aka RLGSC)
0
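The review RLGSC describes usually ends with a short list of keys the application really writes to. As an added example (not part of the original thread), this PowerShell sketch grants a non-administrative group write access to one application key only and then lists every non-admin write ACE on it for review. The key path and group name are hypothetical placeholders, and it assumes PowerShell is installed on the server.

```powershell
# Added example. $KeyPath and $Group are hypothetical placeholders.
$KeyPath = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'
$Group   = 'EXAMPLEDOM\TS-AppUsers'

function Grant-AppKeyWrite {
    param([string]$Path, [string]$Identity)
    # Read, set values and create subkeys only: no Delete,
    # ChangePermissions or TakeOwnership, so the ACL itself stays protected.
    $rights = [System.Security.AccessControl.RegistryRights]'ReadKey, SetValue, CreateSubKey'
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-NonAdminWriteAce {
    param([string]$Path)
    # Specific write-type rights plus the GENERIC_WRITE / GENERIC_ALL bits,
    # which Get-Acl can report as raw numbers on inherited ACEs.
    $specific = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $mask     = [int]$specific -bor 0x50000000
    $trusted  = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights -band $mask) -ne 0) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    }
}

if (Test-Path $KeyPath) {
    Grant-AppKeyWrite -Path $KeyPath -Identity $Group
    # Review the result: only the intended group should appear here.
    Get-NonAdminWriteAce -Path $KeyPath |
        Format-Table IdentityReference, RegistryRights, IsInherited -AutoSize
} else {
    Write-Warning "Key $KeyPath not found; nothing changed."
}
```

Running `Get-NonAdminWriteAce` on its own against a key before any change shows who can already write there, which is a useful first step in the application review.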
 

Author Comment

by:siltech
ID: 12380359
Right now I solved it with "quick menu builder"

When a user logs on to the server he has an html menu with "buttons" for his unique applications

This "menu" is configured to start automatically as an Active Directory environment.
When a user is trying to close the menu and "playing" with the MS Desktop, the session ends automatically and forces the user to log off

What do you think of the solution?
0

Question has a verified solution.