| Open-AudIT https://www.open-audit.org/phpBB3/ |
|
| Does the audit script really need admin rights? https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2882 |
Page 1 of 1 |
| Author: | agussio [ Thu Jul 10, 2008 3:17 am ] |
| Post subject: | Does the audit script really need admin rights? |
i was discussing the script with one of my co-workers and i am wondering why the script needs admin rights. Generally the system information is available to any level user so why does the script need special rights. Once again being a noob does mean that I don't understand the code behind the script, but would there be any danger in letting normal users run the script or see the information? Edit: We can see where running the script remotely should require admin rights to the computer. But running the script locally doesn't really need the security. Our conversation started as we were discussing stand alone and remote computers. Thanks, Anthony |
|
| Author: | ef [ Thu Jul 10, 2008 5:39 am ] |
| Post subject: | Re: Does the audit script really need admin rights? |
Regarding SVN revision of audit.vbs, both Partitions (boot flags) and Mapped drives (for ALL local users) info require admin rights, even for local audits. I didn't try regarding Scheduled tasks and IIS info. |
|
| Author: | A_Hull [ Thu Jul 10, 2008 8:22 pm ] |
| Post subject: | Re: Does the audit script really need admin rights? |
[quote="ef"]Regarding SVN revision of audit.vbs, both Partitions (boot flags) and Mapped drives (for ALL local users) info require admin rights, even for local audits. I didn't try regarding Scheduled tasks and IIS info. Quite correct, not sure why the boot flags require admin rights, but anything which allows one user to see the settings of another will require extended rights. This probably does include Scheduled tasks and IIS but I haven't proved this for certain. Most of the rest of the info is available to any local user, so long as local policy or rights do not specifically exclude this (default policy/rights should allow). Bear in mind that if you run a domain audit as a domain admin, you will see all of the info for all of the machines. |
|
| Page 1 of 1 | All times are UTC + 10 hours |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|