aspose file tools*
The moose likes General Computing and the fly likes Guest user able to access admin folders in WinXP home edition Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » General Computing
Bookmark "Guest user able to access admin folders in WinXP home edition" Watch "Guest user able to access admin folders in WinXP home edition" New topic
Author

Guest user able to access admin folders in WinXP home edition

Shyam kumar
Ranch Hand

Joined: May 21, 2006
Posts: 146
Hi Guys, I have a problem, I have created a admin account and a guest account with limited privilages, to my amazment, the limited access guest user was able to access the admin folders. Can anyone pls help in this!!!
fred rosenberger
lowercase baba
Bartender

Joined: Oct 02, 2003
Posts: 10912
    
  12

I don't think this is a 'meaningless' topic at all. I'm going to move it to a better forum, so please check there for follow ups.


There are only two hard things in computer science: cache invalidation, naming things, and off-by-one errors
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
Please provide more details:
Operating system.
What administrative priv's ?
Is this a school/business/organizational machine ?
How many people have physical access ?
How much do you know about encipherment ?
Do you know exactly what XP is an abbreviation for ?


"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
Shyam kumar
Ranch Hand

Joined: May 21, 2006
Posts: 146
Hi Nicolas,

Pls see my responses below:
------------------------
Please provide more details:
Q1: Operating system.
Windows XP Home edition
Version 2002
Service pack 2

Q2: What administrative priv's ?

Create, Change, and delete accounts
Make system wide changes
Install programs and access all files

Is this a school/business/organizational machine ?
Its my own private laptop
How many people have physical access ?
2 ppl, I, and my younger brother use it.
How much do you know about encipherment ?
Nothing...
Do you know exactly what XP is an abbreviation for ?
No...
--------------------
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
[ item by item response to Shyam kumar: posted Yesterday 10:02 AM]

Hi Nicolas, prefer to be called Nick in casual conversation.

Pls see my responses below: Thank you for being responsive, as you can see by Fred Rosenberger moving this topic, this is appropriate for our General Computing discussion board: There may be others who have comments or need to see this information for some reason.

Operating system. Windows XP Home edition Version 2002 Service pack 2

It is good that you installed the service pack, but in that you have what is reasonably construed is a significant risk it is necessary to suggest that you not use commercially available operating systems to store account numbers and related information on the machine. There are advantages to using what is called hyper-text secure transmission protocol, but that does not provide reasonable-strength guarentees as to what the business entity on the other end will do with the information.

There are stories about this everyday, (well it seems like everyday), and I suggest reporting to The United States Computer Emergency Readiness Team (US-CERT) any intrusion you can identifiy, which is seems to me they would at least take an interest in this incident.

Create, Change, and delete accounts
Make system wide changes
Install programs and access all files


I would say uh-oh ( an idiomatic for deeper problems ), but we who have to deal with this stuff on a routine basis know that trying to fix such stuff can lead to worse problems. Do you have business with whom you conduct business online ? [ DO NOT NAME THE BUSINESS NOR THE NATURE OF THE BUSINESS - STRICTLY CONSTRAIN YOUR ANSWER TO YES OR NO ] If you do, I would never put any useable information directly on the machine, I do some pretty advanced work and just insist on https:// (with the "s") with a recognizable business name all over the website, and only do that with business with whom I have established an ongoing business relationship.

Its my own private laptop

Do you have it chained to your wrist when you go anywhere ? I doubt it. The only secure machine is shut-off and locked-up. What you are talking about here represents the most perplexing conundrum in computer security architecture and basically cannot be solved.

2 ppl, I, and my younger brother use it.

Is your younger brother compter-interested, or does he spend a lot of time using the machine where he would be inclined to download a lot of files. Note that I am not interested in what is downloaded, just if a lot of time is spent looking around without being really savvy as to the risks.

How much do you know about encipherment ? Nothing...

It is difficult field for experience professionals with 5+ years experience actually trying to do it and some formal training in mathematics. You may trust https, and IPv6 promises to bring reductions in some of the junk email, but we get mail through the system all the time that has
right in the control header. That was taken directly from sample traffic I collected for analysis.

Do you know exactly what XP is an abbreviation for ? No...

Extreme programming, that was for the other forum. It is not relevant to our discussion here.

I suggest you visit the cert website and consider your post under whatever guidelines they suggest.

Let us know the results of that visit, your experience there is crucial to the design philosophy of the program that I am writing.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Guest user able to access admin folders in WinXP home edition
 
Similar Threads
no user with admin permissions
access control on jndi lookup
XP Guest User dial up connection
security-constraint not working
how to bypass url parameters?