Ted Roche wrote: > On Sun, Dec 14, 2008 at 1:37 PM, Paul Hill <[email protected]> wrote: > >> http://en.wikipedia.org/wiki/Windows_nt >> >> "NT supported per-object (file, function, and role) access control >> lists allowing a rich set of security permissions to be applied to >> systems and services." >> > > I would suggest that security is far more complex than simple feature > lists. That downloads are immediately executable is a huge flaw. That > there are many ways to disguise ActiveX controls in browsers such that > unsuspecting users download infectedware and run it on their machines > is a massive flaw. > > >> Basically Windows security is more fine-grained than the traditional >> Unix model (user, group, world) in that you can have much more control >> over what a user can do to a folder/file, though there is a POSIX ACL >> api (don't know much about that). >> > > If that's all there was to security, that might be true. There are > several ways to extend the basic ACL model. The many Unix varients > have layers of security with features like SELinux, two-way firewalls, > intrusion detection facilities, etc. A skilled practitioner on any > platform, Windows, Mac or *Nix, can tune it up to the necessary level > of security, at least if we're talking about levels short of Tempest > requirements. But, out of the box in the hands of a consumer,... > > >> But as I said, great security is useless if the default install gives >> you admin rights... >> > > Yep. > >
In a network that has a primary domain server, the Administrator and his password would be consistent across all computers that make up the domain. In this situation anyone could create a new Administrator during an install of a new OS on a computer, but the newly created Administrator would only have Administration privileges on the newly installed computer. It would require the domain administrator with the domain administrator's password to allow the newly installed OS to join the domain, and only the Domain Administrator would have super user privileges across all computers that make up the domain. Usually the domain Admin. is the one that installs the OS on a new computer. Regards, LelandJ _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
