[rescue] Fair Warning RPC Worm

Kevin kevin at mpcf.com
Thu Aug 14 08:16:41 CDT 2003

That's what local admin group is, the admin account for
*that* box.  

We've done that here (put the user's domain account
into the local admin group) but i'm considering
changing that policy.  I'd rather have the users in
"kiosk mode".  I have to install all their software
anyway, may as well remove that ability from their
account.  As it is, they are getting all kinds of shit
installed like Comet Cursor and Gator.  If they lacked
the ability to write to the registry then i wouldn't
have to deal with that crap.  Pus, they couldn't
install AOL, RealPlayer, any silly clock bullshit or
that f**king waving flag thing or the blinking
Christmas lights or..........


On Thu, 14 Aug 2003 04:55:49 -0500
Roger Walkup <rwalkup at cheqnet.net> wrote:

> On Tuesday, August 12, 2003, at 12:42 PM, Kevin
> wrote:
> > <snip>
> > Does anyone know if this worm would affect machines
> > that are being used by users lacking administrative
> > privileges?  Not having your users in the local
> > admin group helps with some viri but i'm not so
> > sure about this one.
> >
> > <snip>
> That depends what you mean; it's common practice at
> my university to make the primary user of a W2000 box
> a member of the admin group for that box, but not the
> domain.  We had plenty of boxes hacked.  It pushed us
> into installing our firewall earlier than originally
> planned.
> Roger

More information about the rescue mailing list