May 15th, 2003, 06:03 PM
should the use of ntbackup.exe be restricted to administrator and backup users only if so why? i mean what might happen if a normal user can run the progie?
May 15th, 2003, 06:19 PM
One example: a "normal" (malicious) user could restore older versions of files from older backups, thus causing data loss.
May 15th, 2003, 06:27 PM
Another example is that a user can backup a copy of the SAM_ file and then transport it to another computer to be run through l0pht Crack or some other password cracker.
May 16th, 2003, 04:58 AM
The result is that the user will be able to back up many files that you would otherwise give no access to, like 2pumpChump said the Sam_ file. Well c ya
May 16th, 2003, 04:55 PM
It is not a security vulnerability to allow users to run ntbackup.exe
Instead you should restrict access to backup files or devices to users allowed to do backups.
Remember that even if you restrict ntbackup.exe, if the users have access to the backup files or devices, they can copy them on to another system which does have ntbackup.exe and restore them from there
Also, I'd argue that you shouldn't bother to even backup the registry (including the SAM) because it is very difficult to restore it successfully, and in rare cases where you needed to restore it, you should reformat and recreate the users anyway.