-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Do it. Restrict access to Administrator only.
I do it (am doing it right now) - no known problems. Test it out on a dev machine first if you have concerns. Thanks, John Ellingsworth Project Leader Virtual Curriculum - ----- Original Message ----- From: "Curious George" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 12, 2002 12:59 PM Subject: Restricting cmd.exe access > > > This is a slight off shoot of the scary site post. What > are the potential ramifications of restricting "system" > access to cmd.exe? My thought is with all the MS > exploits that are gaining access via some service > running in the system context, this would be a great > way to mitigate the potential impact. Thoughts? > > I am also thinking, ok this is going to inhibit using the > scheduler service under the system account to run > local batches, as well as any stored procedure in > SQL that accesses the command shell, but services > could be run in another context and still have access > to the command shell... > > Am I way off with this? Will this break something that I > am just not seeing? > > TIA Curious. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPI+7LQbexkNIm1OFEQJvAgCgrVNKa5ifP3fCF2j4WhPksOi3+osAn2Tm bvJa+z2tVw1xiQmGgKWQEs26 =AWRF -----END PGP SIGNATURE-----
