2010/1/7 Looijmans, Mike <mike.looijm...@oce.com>:
> The current configuration is correct in terms of security - the 'SYSTEM'
> user is a limited account that has no access to the desktop nor shared
> network resources.

Sorry to pick you up on this one, Mike, but I think you're thinking of Local*Service*, not Local*System*.

LocalSystem has full administrative access to the local computer, including (for example) being able to write a rogue DLL to a spare directory, then amend the registry so that that DLL is loaded by every process that runs on the machine from this point onwards. Or create a new local account that *does* have desktop access and spawn a process running as that user.

If you can compromise LocalSystem, you've got the machine. Windows' LocalSystem is very, very close to Unix's root.

If you want a non-privileged account, use LocalService not LocalSystem.

See, for example http://blogs.msdn.com/jmanning/archive/2008/04/06/localsystem-root-localservice-nobody.aspx

- Peter
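
An added example, not part of the original thread: a PowerShell check for which services log on as LocalSystem rather than a limited account such as LocalService. The service names, paths and the High/Limited/Review labels are constructed for illustration.

```powershell
# Added example (not from the thread): classify Windows service logon accounts.
function Get-ServiceAccountRisk {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Service)
    process {
        # Win32_Service.StartName is the logon account; the cast turns $null into ''.
        $account = [string]$Service.StartName
        $risk = switch -Regex ($account) {
            # LocalSystem: full administrative access to the local computer.
            '^(NT AUTHORITY\\)?(LocalSystem|SYSTEM)$'  { 'High'; break }
            # Built-in non-privileged service accounts.
            '^NT AUTHORITY\\(Local|Network) ?Service$' { 'Limited'; break }
            # Named local or domain account: privileges depend on its group membership.
            default                                    { 'Review' }
        }
        [pscustomobject]@{
            Name    = $Service.Name
            Account = $account
            Risk    = $risk
            Path    = $Service.PathName
        }
    }
}

# Constructed sample rows shaped like Win32_Service output; all names are placeholders.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleTomcat'; StartName = 'LocalSystem'
                       PathName = 'C:\example\tomcat\bin\tomcat.exe' }
    [pscustomobject]@{ Name = 'ExampleAgent';  StartName = 'NT AUTHORITY\LocalService'
                       PathName = 'C:\example\agent\agent.exe' }
    [pscustomobject]@{ Name = 'ExampleBatch';  StartName = '.\svc_batch'
                       PathName = 'C:\example\batch\batch.exe' }
)
$sample | Get-ServiceAccountRisk   # ExampleTomcat -> High, ExampleAgent -> Limited, ExampleBatch -> Review

# On a live host: services running as LocalSystem whose binary is outside the Windows directory.
Get-CimInstance -ClassName Win32_Service |
    Get-ServiceAccountRisk |
    Where-Object { $_.Risk -eq 'High' -and $_.Path -notlike "*$env:SystemRoot*" } |
    Sort-Object Name

# To move a service to LocalService (service name is a placeholder), from an elevated prompt:
#   sc.exe config ExampleTomcat obj= "NT AUTHORITY\LocalService" password= ""
```

After changing the account, the service will only start if LocalService has the file permissions it needs on the application's own directories.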