Environment
Novell eDirectory 8.8 for Windows 2000
Novell eDirectory 8.7.3.9 for Windows 2000
Situation
Microsoft windows 2000 allows Full Control rights to Everyone by
default on the root of the installed hard drives. As a result
any installed programs, unless they change the permissions
manually, will be fully controllable by any user on the
system. This requires access to the drive where the software
is installed but even a user with access to a writeable share
anonymously could potentially do harm to an installed
program.
Resolution
After installing any program on windows 2000 be sure to change the permissions for the base install directory and to change the permissions on all subdirectories as well. The group of Everyone should have no rights to eDirectory. The Administrators group often has rights to control eDirectory but SYSTEM is the only requirement since that user is running the eDirectory instance when eDirectory is set to run as a service.
This has been resolved in eDir 88sp5