That is awesome. Now why can't all vendors do that? If they're gonna write insecure apps, at least tell us how to minimize the risks. What's the point in every customer figuring it out for themselves? That's a lot more total time spent than if they'd just do it once.
What would be even better is if they'd get even more granular in their permissions and deny access to .exe's and other potentially harmful files. I'm sure users don't need full access to ALL files under Intuit. This leaves the possibility open that a bad guy (process) could modify QuickBooks.exe to attempt to load a keylogger. Next time an admin runs that program, bye bye computer. Oh well, better than nothing :) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Thursday, March 16, 2006 6:08 PM To: [email protected] Subject: [ActiveDir] OT: Hacking up QB to run under user rights (the official Intuit answer) Message: "User Access Rights Problem: Windows XP and Windows 2000 users must have Power Users or Administrator group rights...": http://www.quickbooks.com/support/faqs/qb2006/a4edfd81.html -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
