Solved

Disable taking ownership of hosts file

Posted on 2007-04-11
10
706 Views
Last Modified: 2008-02-01
Hi Experts,

I am running win xp prof sp2 and have two accounts on the pc. One Admin and the other one Power User. I would like to protect the Power user from taking ownership of the "hosts" file.
The problem is that the power user can make another limited account within win xp and take ownership from there.

Is there any way at all whatsoever, in which i can protect taking ownership of the hosts file.
Note: I cannot give the power user lower level permissions on the pc?

Regards,
Neville
0
Comment
Question by:N_Joshi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
10 Comments
 
LVL 22

Assisted Solution

by:Adam Leinss
Adam Leinss earned 35 total points
ID: 18891108
Just give the Users/Power Users group read rights, do not allow them to modify or write to the file, that should prevent them from taking ownership.
0
 

Author Comment

by:N_Joshi
ID: 18891209
I have set the "hosts" file permission in such a way from the admin account, that the power user cannot write, delete... the files. If this is what you mean, it does not work out.
0
 

Author Comment

by:N_Joshi
ID: 18891229
The point value has been increased to 300
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 70

Expert Comment

by:KCTS
ID: 18891275
If you have not already done so Add Power Users to the Security Tab
Select the Power Users Group
Click Advanced and Select EDIT
Scroll to the bottom an DENY take ownership
0
 

Author Comment

by:N_Joshi
ID: 18891348
I have done all that and more, that is, from control panel > administrative tools> local security policy> user rights assignment> (last setting, "take ownership of files and other objects"), i have selected only the admin user.

But it still does not work.

I maybe wrong but I was thinking since a new user can be created from power users, the new user has no permissions assigned to it, and so this is like a free and new "limited" account which is not bound by permissions, when it has just been created. Unfortunately it seems that the "hosts" file gets affected with this loophole, even though the account is limited.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 100 total points
ID: 18891834
Use DENY to prevent power users in the ADVANCED NTFS PERMISSIONS - NOT with A GPO but on the hosts file itself.
0
 

Author Comment

by:N_Joshi
ID: 18895865
I used Deny to prevent power users in advanced NTFS permissions but it did not work.
I could still create a limited user from the power user account and logon with limited user rights and take control of the Hosts file.

I have solved the problem by denying the Administrators, Power users and Users, access to the hosts file with the read only permissions and related advanced NTFS read only permissions, from the Admin mode.
This allows the admin to take control of the Hosts file and at the same time does not give the power user the ability to take control of the hosts file.

The reason for me posting in Vista is because if for some reason, win xp security cannot solve my problem, maybe some permission setting in Vista can. I had no idea Vista does not have Power users. Thanks for telling me. Anyway the problem is now solved.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question