
Fourteen privileges that can be abused in Windows 2000, Part 2

To properly administer and secure your Windows 2000 system, you should be knowledgeable about the privileges that can be granted to user and group accounts. In the second of a two-part series, Roberta Bragg continues to focus the attention of auditors, systems administrators, security administrators, security analysts, etc. on critical system privileges.
This tip has been extracted from presentation materials prepared by Roberta Bragg for the MCP Magazine TechMentor conferences. All rights reserved by the author.
From the author of Ten Privileges that can be Abused in Windows 2000

You read in the last installment about how Windows 2000 uses the concept of assignment of privileges to users and groups. We outlined 7 of the 14 privileges that can be abused in Windows 2000. Here's part two of this article, courtesy of Roberta Bragg, which lists the remaining privileges to watch out for.

Each entry below gives the User Right/Privilege, followed by its Default Assignment, its Use, and its potential Abuse.

8. Increase scheduling priority

Default Assignment: Administrators

Use: Scheduling priorities assure that more important processes have more access to system resources and assure all processes a slice of OS time and resources. Scheduling is under the control of the OS. This privilege allows users to modify the scheduling priority in the Task Manager dialog box.

Abuse: User modification of the priority of a process can have disastrous results and lead to system crashes.

9. Load and unload device drivers

Default Assignment: Administrators

Use: Install/uninstall Plug and Play device drivers. (Non-Plug and Play device drivers can only be installed by Administrators.)

Abuse: Device drivers run as privileged programs; hostile programs run by users with this privilege have potentially destructive access to resources.

10. Log on as a batch job

Use: The ability to run a process in the background, as in running programs such as a bank reconciliation process.

Abuse: Any privilege that allows background processing should be carefully controlled to prevent the insertion of Trojans and remote management processes without the administrator's knowledge.

11. Manage auditing and security log

Default Assignment: Administrators

Use: The ability to select objects for auditing. Objects include files, folders, registry keys, etc. View and clear the Security Log.

Abuse: Viewing the security log would allow knowledge of activity on the system. If an attacker can read the logs, he will be aware if he is being tracked. If an attacker can clear the security log, then he can effectively erase any record of his being on the system.

12. Replace a process level token

Use: The ability to change process tokens. Tokens attached to processes include the authorization rights for that process.

Abuse: See related privilege: Create a token object.

13. Shut down the system

Default Assignment:
W2k Professional: Users, Power Users, Backup Operators, Administrators
W2k Server/Advanced Server: Administrators, Backup Operators, Power Users

Use: Shut down the local operating system. ('Force shutdown from a remote system' allows remote shutdown.)

Abuse: Many attacks can circumvent system protection if the attacker can shut down the system and restart it under the control of an alternative OS.

14. Take ownership of files or other objects

Default Assignment: Administrators

Use: Take ownership of objects that one does not own. Administrators need this privilege to regain control of orphaned files, folders and other resources.

Abuse: A user with this right can gain access to ANY object (any file, folder, directory object, registry key, printer, process, thread, etc.). They can effectively own the system on which they have this right, in the purest sense of the word "own": they can do anything with the system and its resources.

This privilege has the potential for severe abuse.
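
For auditors, the Default Assignment entries above can serve as a baseline. The following is an added example, not part of the original article or the presentation materials: it parses the [Privilege Rights] section of a user-rights export in secedit INF format and reports every holder of privileges 8 through 14 beyond the listed defaults. The Windows constant names, the well-known group SIDs and the sample export are assumptions supplied for the example; rights for which the article lists no default are treated as having no expected holders.

```python
ADMINS, USERS, POWER, BACKUP = "S-1-5-32-544", "S-1-5-32-545", "S-1-5-32-547", "S-1-5-32-551"

# Windows constant -> (article's name, defaults on Server, on Professional); empty set = none listed.
BASELINE = {
    "SeIncreaseBasePriorityPrivilege": ("Increase scheduling priority", {ADMINS}, {ADMINS}),
    "SeLoadDriverPrivilege": ("Load and unload device drivers", {ADMINS}, {ADMINS}),
    "SeBatchLogonRight": ("Log on as a batch job", set(), set()),
    "SeSecurityPrivilege": ("Manage auditing and security log", {ADMINS}, {ADMINS}),
    "SeAssignPrimaryTokenPrivilege": ("Replace a process level token", set(), set()),
    "SeShutdownPrivilege": ("Shut down the system", {ADMINS, BACKUP, POWER}, {ADMINS, BACKUP, POWER, USERS}),
    "SeTakeOwnershipPrivilege": ("Take ownership of files or other objects", {ADMINS}, {ADMINS}),
}

def parse_privilege_rights(inf_text):
    """Return {constant: holders} from [Privilege Rights]; SIDs carry a leading '*', names do not."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any section header switches parsing on or off.
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            rights[name.strip()] = {h.strip().lstrip("*") for h in value.split(",") if h.strip()}
    return rights

def audit(inf_text, server=True):
    """List (article name, holder) pairs that go beyond the article's defaults."""
    rights = parse_privilege_rights(inf_text)
    findings = []
    for const, (label, srv, pro) in BASELINE.items():
        extra = rights.get(const, set()) - (srv if server else pro)
        findings += [(label, holder) for holder in sorted(extra)]
    return findings

# Constructed sample export, not taken from a real system.
SAMPLE_INF = """[Unicode]
Unicode=yes
[Privilege Rights]
SeTakeOwnershipPrivilege = *S-1-5-32-544,helpdesk
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-545
SeBatchLogonRight = svc_recon
SeSecurityPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for label, holder in audit(SAMPLE_INF, server=True):
        print(f"REVIEW  {label}: {holder}")
```

A real export (for example from `secedit /export /cfg rights.inf /areas USER_RIGHTS`) is usually UTF-16 encoded, so decode the file before passing its text to `audit`.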

