System Scheduler as a Potential Security Risk

The system scheduler (Task Scheduler), which is included with Windows NT/2000/XP, may be used to start undesirable programs in the context of the SYSTEM account (which is present in all Windows NT/2000 systems). You won't see this account in the User Manager/User Manager for Domains utilities (Windows NT 4.0) or in the MMC snap-ins (Windows 2000/XP). Together, this account and the Task Scheduler allow the system administrator to give an ordinary user one-time use of certain administrative tasks without granting them administrative rights. For example, to allow them to run the MMC Disk Management snap-in:

 at <\\machine_name> 1:00pm /interactive %SystemRoot%\system32\diskmgmt.msc 

where <\\machine_name> is the name of the client system.

However useful this is, it is also risky: any program started this way runs in the SYSTEM context and receives the whole set of system privileges, including access to the SAM database.

To protect the system against this possible danger, you can either lock the Task Scheduler service (this service is sometimes needed to run other jobs, though), or configure it in such a way as to log on with an ordinary user account.

You can also block user access to the Schedule services using one of the following two methods:

  • Using Local Policy

  • Using Registry Editor

To block access to the Schedule services using a Local Policy, proceed as follows:

  1. Click Start, click Run, type mmc, and then click OK.

  2. On the File menu, click Add/Remove Snap-in. On the Standalone tab, click Add.

  3. In the Available Standalone Snap-ins list (Fig. 9.13), select the Group Policy option and then click the Add button.

    Fig. 9.13: Adding the Group Policy snap-in to the custom console

  4. The Select Group Policy Object window will open (Fig. 9.14). Click the Local Computer option to edit the local Group Policy object, or click Browse to find the Group Policy object that you want.

    Fig. 9.14: The Select Group Policy Object window

  5. Click Finish, click Close, and then click OK. The Group Policy snap-in opens the Group Policy object for editing (Fig. 9.15).

    Fig. 9.15: The Group Policy Object opened for editing

  6. Expand either the User Configuration or Computer Configuration branch, and then expand Administrative Templates, Windows Components, Task Scheduler.

  7. Double-click Prevent Task Run or End, click Enabled, and then click OK.

The same task can be performed using Registry Editor (experienced users may find this method faster than the previous one).

  1. Click Start, click Run, type regedit.exe, and then press ENTER to start Registry Editor.

  2. Open one of the following registry keys, but note that you may have to create the key:

     HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0
     HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Task Scheduler5.0

  3. Create a new DWORD value, name it Execution, and set it to 1.
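
The registry procedure above can also be checked and applied from a script. The following is an added example, not code from the book: it reports the Execution value under both policy keys and the account the Schedule service logs on with. The function names are hypothetical, and the script assumes Windows PowerShell (which provides Get-WmiObject) is installed.

```powershell
# Added example: audit and optionally set the policy value described above.
# The key paths and the Execution value name are the ones given in the procedure.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0',
    'HKCU:\Software\Policies\Microsoft\Windows\Task Scheduler5.0'
)

# Hypothetical helper: report whether Execution = 1 is present under each key.
function Get-SchedulerPolicyState {
    foreach ($key in $PolicyKeys) {
        $value = $null
        if (Test-Path -Path $key) {
            $prop = Get-ItemProperty -Path $key -Name Execution -ErrorAction SilentlyContinue
            if ($prop) { $value = $prop.Execution }
        }
        New-Object PSObject -Property @{
            Key       = $key
            Execution = $value            # $null means the key or value is missing
            Blocked   = ($value -eq 1)
        }
    }
}

# Hypothetical helper: create the key if needed and set Execution (DWORD) to 1.
function Set-SchedulerPolicyBlock {
    param([Parameter(Mandatory = $true)][string]$Key)
    if (-not (Test-Path -Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    New-ItemProperty -Path $Key -Name Execution -PropertyType DWord -Value 1 -Force | Out-Null
}

# Hypothetical helper: show which account the Schedule service logs on with.
# A StartName of LocalSystem means scheduled jobs run in the SYSTEM context.
function Get-SchedulerServiceAccount {
    Get-WmiObject -Class Win32_Service -Filter "Name='Schedule'" |
        Select-Object Name, State, StartMode, StartName
}

Get-SchedulerPolicyState | Format-Table Key, Execution, Blocked -AutoSize
Get-SchedulerServiceAccount | Format-List

# Uncomment to apply the machine-wide setting (requires administrative rights):
# Set-SchedulerPolicyBlock -Key $PolicyKeys[0]
```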



Windows XP Registry