Help : Win95 securuty hole (one more)
Gerald W. Carter
cartegw at Eng.Auburn.EDU
Wed Feb 25 18:35:35 GMT 1998
> Ok all of that works and yesterday I discovered a hole i didn't knew.
> I knew that when in a session, you get start menu from task bar when you
> press CTRL+ESC.
> What I didn't knew is that, when out of a session, if you pree CTRL+ESC,
> you get task manager. That tool permits you to shutdown computer, but
> also (thanks to Bill Gates) to run an application.
Yeah. Don't you love this one. In fact even if you have disabled the
shutdown command using the policy editor you can still use the Task
Manager ( which you can run...taskman.exe ) to shutdown, logon again,
etc... In fact, all you have to do to shutdown to DOS is create a PIF
file for command.com and set it to run in DOS mode under the advanced
section of the pif.
I think you are just going to have to realize that it is impossible to
secure Windows 95. Trust me I have tried.
Another note. It is also imposssible to force a user to be validated by
a domain at the network login box. If you type in a non-existent
domain, windows 95 will say "...Duhhhhh...I guess you are a valid
user...nobody can tell me any different..." Fun huh?!
If you require user validation to access the computer go with Windows NT
( or better still Unix ). All you are going to get with 95 is a 95%
solution ( no pun intended ).
j-
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba
mailing list