August 20th, 2011, 07:18 AM
^^ Seems our pet is starting to loose it's touch.
forgot to inlude the url to the referenced article.
August 20th, 2011, 07:56 AM
Props to Donald on this one, I was not aware that Windows did such a thing?
Unfortunately he has left out the link to the MVP's article
This looks like nVidia making things convenient for themselves, but potentially compromising your security in the process.........please see the interesting link posted by bludgeon.
I am about to build a machine with onboard and independent nVidia graphics so I will be able to see if this account and SLI work together, or if it is just a gaming and/or laptop utility.
The reason I posted in the first place was that it created a potential security hazard on a machine where it had no functionality whatsoever. It should at least have been local rather than global?
I think that I am beginning to see how Donald works..........at first I thought his stuff was way off target, but now that just seems to be my narrow minded approach at the time.
He appears to provide additional information, not specific to the post in question...........a bit like the "obiter dicta" of high (supreme) court judges? //
You beat me to it! .........breakfast interrupted my post . I have edited Donald's contribution slightly to make more sense, and put it in context.
Last edited by nihil; August 20th, 2011 at 08:11 AM.
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
August 20th, 2011, 08:34 AM
This may be a blessing in disguise for security. If you were to have (on a business/pro Windows) multiple "admin" level accounts for specific applications such as GFI LANGuard, application updaters, etc... you can add them all into specific security groups to facilitate locking down the machine.
Originally Posted by nihil
This will allow you to grant them the needed admin rights, while subjecting them to GPO and file/registry permissions that you would not be able to reasonably apply to Local System, Local Service, or Network Service. If one of them is compromised for any reason, they would not have that critical access that the compromise would need to take over the system. It will never be perfect, but it will allow that extra mitigation capability.
The way I see it, limiting possible compromise scope is just as important as limiting attack surface and direct compromise. Proper file permissions on temporary folders is the best defense against browser 0days, and the same can be said for any high risk application.
Real security doesn't come with an installer.
By steve.milner in forum IDS & Scanner Discussions
Last Post: August 12th, 2004, 12:23 PM
By Nokia in forum Tips and Tricks
Last Post: June 18th, 2004, 04:24 PM
By mrleachy in forum *nix Security Discussions
Last Post: October 18th, 2002, 01:27 PM
By Joey_Batch_File in forum The Security Tutorials Forum
Last Post: September 20th, 2002, 09:03 PM