home *** CD-ROM | disk | FTP | other *** search
- Date: Tue, 23 Mar 1999 23:40:55 -0000
- From: Mnemonix <mnemonix@GLOBALNET.CO.UK>
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: Index Server 2.0 and the Registry
-
-
- When Microsoft's Index Server 2.0 is installed on NT 4 with
- Internet Information Server 4 it opens a new "AllowedPath"
- into the Windows NT Registry.
-
- Administrators can control who can access the Windows NT
- Registry via the network by editing permissions on the
- Winreg key found under
-
- HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg
-
- By default, on NT Server 4, the permissions on this key are
- set to Administrators with Full Control. No-one else should
- have access (although it doesn't really work out like this in
- the end.) There are certain paths through the Registry that
- remote users, whether they are Administrators are not, may
- access. These are listed in the AllowedPaths subkey found
- under the Winreg key. These paths are to allow basic network
- operations such as printing etc to continue as normal.
-
- Index Server 2.0 creates a new "AllowedPath":
-
- HKLM\System\CurrentControlset\Control\ContentIndex\Catalogs
-
- meaning that anyone with an local or domain account for that
- machine, including Guests, are able to discover the physical
- path to directories being indexed or if a directory found in a
- network share is being index they can learn the name of the
- machine on which the share resides and the name of the user
- account used to access that share on behalf of Index and
- Internet Information Server. Permissions on the above key and
- its sub-key give Everyone read access.
-
- Note that regedit and regedt32 can not be used to access this
- information. Tools such as reg.exe or home-baked efforts must
- be used.
-
- In most cases this issue represents a mild risk, but one worth
- noting and resolving by removing if this adversely affects you
- and your security policy.
-
- Cheers,
- David Litchfield
- http://www.infowar.co.uk/mnemonix/
-
-
