Terminally Incoherent

Utterly random, incoherent and disjointed rants and ramblings...

Thursday, December 08, 2005

MSU Security

I poped into the CS lab in Richardson today and I was hanging out with our undergrads who were working on their Software Engineering project.

I noticed that all the windows boxen downstairs are running with user privileges (as they should), and access to some system settings is blocked. In particular, the IT squad blocked the access to the Control Panel. This is fine and dandy for a office machine that only has to run Word and Outlook but our lab is supposed to be used by students learning programming. For example some students may want to use Windows ODBC to set up their db connection. Unfortunately the odbc config app is usually accessible from the control panel. Good job IT!

So the poor undergrads were sitting there trying to figure out what to do next. Of course, as I suspected no one bothered to lock access to the system32 folder :P As you may know, system32 is the windows equivalent of /bin - which essentially means that all essential system applications should be there. So I zoomed through the files there and located the odbc executable. I was able to open it and use it without any restrictions.

So my question is - why even bother locking the control panel? If any user can dig through the system32 folder and access any functionality offered on the panel, what is the point? Is it even possible to restrict user access to some of these files? And why would you want that anyway? Redmond thinks that even the lowliest user should be able to access the controls contained in the Control Panel, so why does IT thing otherwise?


Post a Comment

Links to this post:

Create a Link

<< Home