Solved

Disable taking ownership of hosts file

Posted on 2007-04-11
10
701 Views
Last Modified: 2008-02-01
Hi Experts,

I am running win xp prof sp2 and have two accounts on the pc. One Admin and the other one Power User. I would like to protect the Power user from taking ownership of the "hosts" file.
The problem is that the power user can make another limited account within win xp and take ownership from there.

Is there any way at all whatsoever, in which i can protect taking ownership of the hosts file.
Note: I cannot give the power user lower level permissions on the pc?

Regards,
Neville
0
Comment
Question by:N_Joshi
  • 4
  • 2
10 Comments
 
LVL 22

Assisted Solution

by:Adam Leinss
Adam Leinss earned 35 total points
ID: 18891108
Just give the Users/Power Users group read rights, do not allow them to modify or write to the file, that should prevent them from taking ownership.
0
 

Author Comment

by:N_Joshi
ID: 18891209
I have set the "hosts" file permission in such a way from the admin account, that the power user cannot write, delete... the files. If this is what you mean, it does not work out.
0
 

Author Comment

by:N_Joshi
ID: 18891229
The point value has been increased to 300
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 
LVL 70

Expert Comment

by:KCTS
ID: 18891275
If you have not already done so Add Power Users to the Security Tab
Select the Power Users Group
Click Advanced and Select EDIT
Scroll to the bottom an DENY take ownership
0
 

Author Comment

by:N_Joshi
ID: 18891348
I have done all that and more, that is, from control panel > administrative tools> local security policy> user rights assignment> (last setting, "take ownership of files and other objects"), i have selected only the admin user.

But it still does not work.

I maybe wrong but I was thinking since a new user can be created from power users, the new user has no permissions assigned to it, and so this is like a free and new "limited" account which is not bound by permissions, when it has just been created. Unfortunately it seems that the "hosts" file gets affected with this loophole, even though the account is limited.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 100 total points
ID: 18891834
Use DENY to prevent power users in the ADVANCED NTFS PERMISSIONS - NOT with A GPO but on the hosts file itself.
0
 

Author Comment

by:N_Joshi
ID: 18895865
I used Deny to prevent power users in advanced NTFS permissions but it did not work.
I could still create a limited user from the power user account and logon with limited user rights and take control of the Hosts file.

I have solved the problem by denying the Administrators, Power users and Users, access to the hosts file with the read only permissions and related advanced NTFS read only permissions, from the Admin mode.
This allows the admin to take control of the Hosts file and at the same time does not give the power user the ability to take control of the hosts file.

The reason for me posting in Vista is because if for some reason, win xp security cannot solve my problem, maybe some permission setting in Vista can. I had no idea Vista does not have Power users. Thanks for telling me. Anyway the problem is now solved.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Several part series to implement Internet Explorer 11 Enterprise Mode
Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now