wntRunAsUser and Act as Part of Operating System Clarification
Keywords: wntRunAsUser Act as Part of Operating System
Question:
What are the implications with regard to system security and integrity of granting all logged-in users:
"Act as part of the operating system"
"Increase quotas"
"Replace a process level token"
We would like to use WntRunAsUser to deploy software on 'locked down' NT Workstations but are concerned about
these additional rights.
Answer:
"Increase quotas"
"Replace a process level token"
I think are standard (do check). If so then these should not cause any differences.
"Act as part of the operating system"
Is the one that I find I have to add. Sounds scary. I've searched the Internet in the past
and have not had much luck figuring out exactly what that means. I just tried again and found
the following from the
http://www.webtrends site
Risk Level: Medium
Vulnerability Description
Allows a user to perform as a secure part of the operating system. This right enables the
designated user to bypass certain operating system constraints and act as a trusted entity.
The SYSTEM account can always do this. Additionally, some subsystems are given this capability.
Some Win32API calls, such as LogonUser() and CreateProcessAsUser(), require that they be run
with this right.
Article ID: W14382
Filename: wntRunAsUser and Act as Part of OS Clarification.txt
File Created: 1999:12:10:13:28:40
Last Updated: 1999:12:10:13:28:40
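
Added example, not part of the original article or of WinBatch: a check for whether any of the three rights named above is held by a group that takes in ordinary logged-in users. It assumes the user-rights assignment has been exported as text in the INF layout written by `secedit /export /cfg <file> /areas USER_RIGHTS` (on systems that have secedit); the function names and the sample export are constructed for illustration.

```python
import re
# Privilege constants for the three rights named above (display names as on the page).
WATCHED = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeIncreaseQuotaPrivilege": "Increase quotas",
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
}
# Well-known SIDs that take in ordinary logged-in users.
BROAD = {
    "*S-1-1-0": "Everyone",
    "*S-1-5-4": "INTERACTIVE",
    "*S-1-5-11": "Authenticated Users",
    "*S-1-5-32-545": "BUILTIN\\Users",
}

def parse_privilege_rights(inf_text):
    """Return {privilege: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
        elif section == "Privilege Rights" and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = [h.strip() for h in holders.split(",") if h.strip()]
    return rights

def broad_grants(inf_text):
    """List (privilege, display name, group) for watched rights held by a broad group."""
    rights = parse_privilege_rights(inf_text)
    return [(priv, display, BROAD[h])
            for priv, display in WATCHED.items()
            for h in rights.get(priv, []) if h in BROAD]

# Constructed sample in the layout of a user-rights export; not from a real machine.
SAMPLE = """[Privilege Rights]
SeTcbPrivilege = *S-1-5-32-545
SeIncreaseQuotaPrivilege = *S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
[Version]
Revision=1
"""

if __name__ == "__main__":
    for priv, display, group in broad_grants(SAMPLE):
        print(f'{group} holds "{display}" ({priv})')
```

Holders written as account names rather than `*SID` values are not matched by this check and need to be resolved separately.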