Skip navigation
Menu
Compute Engines

JSI Tip 0990. Do you trust your Server Operators?


A Server Operator can perform many of the same tasks that an Administrator can, with the exception of account management.

By virtue of the default permissions on

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

a Server Operator could replace the SYSTEM value with an executable that grants administrative priveledges. To quote Microsoft:


In the environments where members of server operators are not sufficiently
trusted, it is recommended that security on following keys be changed as below:

Registry Key                                    Recommended Permissions

HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows NT\CurrentVersion\Winlogon             CREATOR OWNER: Full Control
                                                        Administrators: Full Control
                                                        SYSTEM: Full Control
                                                        Everyone: Read

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023