Windows 2000 rights allow Full Control to Everyone in eDirectory install location.

  • 3060892
  • 12-Nov-2007
  • 10-Jun-2013

Environment


Novell eDirectory 8.8 for Windows 2000
Novell eDirectory 8.7.3.9 for Windows 2000

Situation

Microsoft windows 2000 allows Full Control rights to Everyone by default on the root of the installed hard drives.  As a result any installed programs, unless they change the permissions manually, will be fully controllable by any user on the system.  This requires access to the drive where the software is installed but even a user with access to a writeable share anonymously could potentially do harm to an installed program.

Resolution

After installing any program on windows 2000 be sure to change the permissions for the base install directory and to change the permissions on all subdirectories as well.  The group of Everyone should have no rights to eDirectory.  The Administrators group often has rights to control eDirectory but SYSTEM is the only requirement since that user is running the eDirectory instance when eDirectory is set to run as a service.

 

This has been resolved in eDir 88sp5