Solved

Disable taking ownership of hosts file

Posted on 2007-04-11
10
700 Views
Last Modified: 2008-02-01
Hi Experts,

I am running win xp prof sp2 and have two accounts on the pc. One Admin and the other one Power User. I would like to protect the Power user from taking ownership of the "hosts" file.
The problem is that the power user can make another limited account within win xp and take ownership from there.

Is there any way at all whatsoever, in which i can protect taking ownership of the hosts file.
Note: I cannot give the power user lower level permissions on the pc?

Regards,
Neville
0
Comment
Question by:N_Joshi
  • 4
  • 2
10 Comments
 
LVL 22

Assisted Solution

by:Adam Leinss
Adam Leinss earned 35 total points
ID: 18891108
Just give the Users/Power Users group read rights, do not allow them to modify or write to the file, that should prevent them from taking ownership.
0
 

Author Comment

by:N_Joshi
ID: 18891209
I have set the "hosts" file permission in such a way from the admin account, that the power user cannot write, delete... the files. If this is what you mean, it does not work out.
0
 

Author Comment

by:N_Joshi
ID: 18891229
The point value has been increased to 300
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 70

Expert Comment

by:KCTS
ID: 18891275
If you have not already done so Add Power Users to the Security Tab
Select the Power Users Group
Click Advanced and Select EDIT
Scroll to the bottom an DENY take ownership
0
 

Author Comment

by:N_Joshi
ID: 18891348
I have done all that and more, that is, from control panel > administrative tools> local security policy> user rights assignment> (last setting, "take ownership of files and other objects"), i have selected only the admin user.

But it still does not work.

I maybe wrong but I was thinking since a new user can be created from power users, the new user has no permissions assigned to it, and so this is like a free and new "limited" account which is not bound by permissions, when it has just been created. Unfortunately it seems that the "hosts" file gets affected with this loophole, even though the account is limited.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 100 total points
ID: 18891834
Use DENY to prevent power users in the ADVANCED NTFS PERMISSIONS - NOT with A GPO but on the hosts file itself.
0
 

Author Comment

by:N_Joshi
ID: 18895865
I used Deny to prevent power users in advanced NTFS permissions but it did not work.
I could still create a limited user from the power user account and logon with limited user rights and take control of the Hosts file.

I have solved the problem by denying the Administrators, Power users and Users, access to the hosts file with the read only permissions and related advanced NTFS read only permissions, from the Admin mode.
This allows the admin to take control of the Hosts file and at the same time does not give the power user the ability to take control of the hosts file.

The reason for me posting in Vista is because if for some reason, win xp security cannot solve my problem, maybe some permission setting in Vista can. I had no idea Vista does not have Power users. Thanks for telling me. Anyway the problem is now solved.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now