Open-AudIT

What's on your network?
It is currently Sun Apr 22, 2018 6:40 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
PostPosted: Thu Jul 10, 2008 3:17 am 
Offline
Newbie

Joined: Tue Jul 08, 2008 5:45 am
Posts: 5
i was discussing the script with one of my co-workers and i am wondering why the script needs admin rights. Generally the system information is available to any level user so why does the script need special rights.

Once again being a noob does mean that I don't understand the code behind the script, but would there be any danger in letting normal users run the script or see the information?

Edit: We can see where running the script remotely should require admin rights to the computer. But running the script locally doesn't really need the security.

Our conversation started as we were discussing stand alone and remote computers.

Thanks,

Anthony


Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 10, 2008 5:39 am 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Regarding SVN revision of audit.vbs, both Partitions (boot flags) and Mapped drives (for ALL local users) info require admin rights, even for local audits.
I didn't try regarding Scheduled tasks and IIS info.

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 10, 2008 8:22 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
ef wrote:
Regarding SVN revision of audit.vbs, both Partitions (boot flags) and Mapped drives (for ALL local users) info require admin rights, even for local audits.
I didn't try regarding Scheduled tasks and IIS info.


Quite correct, not sure why the boot flags require admin rights, but anything which allows one user to see the settings of another will require extended rights.
This probably does include Scheduled tasks and IIS but I haven't proved this for certain. Most of the rest of the info is available to any local user, so long as local policy or rights do not specifically exclude this (default policy/rights should allow).

Bear in mind that if you run a domain audit as a domain admin, you will see all of the info for all of the machines.

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group