> http://www.threatcode.com/testing.htm
I was scrolling through article when I stumbled upon following text that (as I understand) QB2004 displays for LUAs: "Your user account for Windows was created with Restricted access to system resources. This will prevent QuickBooks from operating properly. Please contact your system administrator and ask him or her to grant you Standard user rights." Whatta... What a FUD. So they just lie to user so he goes to admin and asks "Why oh why didn't you give me even Standard user rights?!" Can somebody explain the "Standard user rights" concept? Never heard about it but "Standard user" sounds equal to LUA for me. Oh, you mean, Administrator? Why didn't you say so then?! I wonder how Intuit managed to get away with such statements in their software. --Al > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS > Rocks [MVP] > Sent: Sunday, March 19, 2006 10:12 AM > To: [email protected] > Subject: Re: [ActiveDir] OT: Hacking up QB to run under user rights (the > official Intuit answer) > > http://www.threatcode.com/testing.htm > > You'll love this.. their "official" instructions are wrong. Obviously > no one runs LUAized around there to test this. > > Crawford, Scott wrote: > > I agree. You're doing a great job. If we could just implement public > > flogging, I think we could get there sooner :) > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, > > CPA aka Ebitz - SBS Rocks [MVP] > > Sent: Friday, March 17, 2006 11:03 AM > > To: [email protected] > > Subject: Re: [ActiveDir] OT: Hacking up QB to run under user rights (the > > official Intuit answer) > > > > www.threatcode.com > > > > "WE" push them. That's how it gets done. > > > > Crawford, Scott wrote: > > > > > >> That is awesome. Now why can't all vendors do that? If they're gonna > >> write insecure apps, at least tell us how to minimize the risks. > >> > > What's > > > >> the point in every customer figuring it out for themselves? That's a > >> lot more total time spent than if they'd just do it once. > >> > >> What would be even better is if they'd get even more granular in their > >> permissions and deny access to .exe's and other potentially harmful > >> files. I'm sure users don't need full access to ALL files under > >> > > Intuit. > > > >> This leaves the possibility open that a bad guy (process) could modify > >> QuickBooks.exe to attempt to load a keylogger. Next time an admin runs > >> that program, bye bye computer. > >> > >> Oh well, better than nothing :) > >> > >> -----Original Message----- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, > >> CPA aka Ebitz - SBS Rocks [MVP] > >> Sent: Thursday, March 16, 2006 6:08 PM > >> To: [email protected] > >> Subject: [ActiveDir] OT: Hacking up QB to run under user rights (the > >> official Intuit answer) > >> > >> Message: "User Access Rights Problem: Windows XP and Windows 2000 users > >> > > > > > >> must have Power Users or Administrator group rights...": > >> http://www.quickbooks.com/support/faqs/qb2006/a4edfd81.html > >> > >> > >> > >> > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
