Results 1 to 5 of 5

Thread: ntbackup.exe

  1. #1
    Junior Member
    Join Date
    Jan 2003


    should the use of ntbackup.exe be restricted to administrator and backup users only if so why? i mean what might happen if a normal user can run the progie?

  2. #2
    Junior Member
    Join Date
    May 2003
    One example: a "normal" (malicious) user could restore older versions of files from older backups, thus causing data loss.

    - Qualm

  3. #3
    Join Date
    May 2003
    Another example is that a user can backup a copy of the SAM_ file and then transport it to another computer to be run through l0pht Crack or some other password cracker.

  4. #4
    The result is that the user will be able to back up many files that you would otherwise give no access to, like 2pumpChump said the Sam_ file. Well c ya

  5. #5
    Senior Member
    Join Date
    Jan 2002
    It is not a security vulnerability to allow users to run ntbackup.exe

    Instead you should restrict access to backup files or devices to users allowed to do backups.

    Remember that even if you restrict ntbackup.exe, if the users have access to the backup files or devices, they can copy them on to another system which does have ntbackup.exe and restore them from there

    Also, I'd argue that you shouldn't bother to even backup the registry (including the SAM) because it is very difficult to restore it successfully, and in rare cases where you needed to restore it, you should reformat and recreate the users anyway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts