RE: [ActiveDir] OT: Hacking up QB to run under user rights (the official Intuit answer)

Fri, 17 Mar 2006 09:55:48 -0800 

I agree.  You're doing a great job. If we could just implement public
flogging, I think we could get there sooner :)

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Friday, March 17, 2006 11:03 AM
To: [email protected]
Subject: Re: [ActiveDir] OT: Hacking up QB to run under user rights (the
official Intuit answer)

www.threatcode.com

"WE" push them.  That's how it gets done.

Crawford, Scott wrote:

>That is awesome.  Now why can't all vendors do that?  If they're gonna
>write insecure apps, at least tell us how to minimize the risks.
What's
>the point in every customer figuring it out for themselves?  That's a
>lot more total time spent than if they'd just do it once.
>
>What would be even better is if they'd get even more granular in their
>permissions and deny access to .exe's and other potentially harmful
>files.  I'm sure users don't need full access to ALL files under
Intuit.
>This leaves the possibility open that a bad guy (process) could modify
>QuickBooks.exe to attempt to load a keylogger.  Next time an admin runs
>that program, bye bye computer.
>
>Oh well, better than nothing :)
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
>CPA aka Ebitz - SBS Rocks [MVP]
>Sent: Thursday, March 16, 2006 6:08 PM
>To: [email protected]
>Subject: [ActiveDir] OT: Hacking up QB to run under user rights (the
>official Intuit answer)
>
>Message: "User Access Rights Problem: Windows XP and Windows 2000 users

>must have Power Users or Administrator group rights...":
>http://www.quickbooks.com/support/faqs/qb2006/a4edfd81.html
>
>  
>

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to