RE: Windows station permissions, remote control programs, lower privilege accounts
James,
The question is not about what can be done in a normally functioning program.
The question is that the core process is running as LocalSystem.
This means that if a buffer overflow is exploited on a connection attempt,
before authentication and before the thread is switched
to the authenticated account, the user will get LocalSystem access without
authentication.
Also (not completely sure about this one), if a lower privilege authenticated
user running the remote control program is able to run RevertToSelf, he
might get LocalSystem privileges.
The scope of this question is not only about remote control programs - it
should be a question of why ANY service needs to be running as the LocalSystem
or Administrator account.
-----Original Message-----
From: James Kelly [mailto:jim@essistants.com]
Sent: Wednesday, February 19, 2003 6:08 PM
To: 'Lee, Alex (NHQ)-EDS'; Tarasul, Alexander;
focus-ms@securityfocus.com
Subject: RE: Windows station permissions, remote control programs, lower
privilege accounts
Question, when you Shift-Right-Click, and run something as another user,
how does that affect how it is logged?
Jim
Received on Thu Feb 20 14:12:46 2003
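
An added example, not part of the original messages: a PowerShell audit that lists running services whose process runs as LocalSystem and also owns a non-loopback listening TCP socket, which is the exposure the reply above describes (code reachable on connection before authentication). It assumes a Windows version that ships Get-CimInstance and Get-NetTCPConnection and an elevated prompt; the variable names and the list of LocalSystem spellings are choices made for this example.

```powershell
# Added example: find LocalSystem services that accept network connections.
# Assumption: these strings cover how Win32_Service reports the SYSTEM account.
$systemNames = 'LocalSystem', '.\LocalSystem', 'NT AUTHORITY\SYSTEM'

# Running services with their account (StartName) and hosting process id.
$services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'"

# Listening TCP sockets that are not bound to loopback only, grouped by owner PID.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }

$byPid = @{}
foreach ($conn in $listening) {
    $key = [string]$conn.OwningProcess
    if (-not $byPid.ContainsKey($key)) { $byPid[$key] = @() }
    $byPid[$key] += $conn.LocalPort
}

$report = foreach ($svc in $services) {
    $key = [string]$svc.ProcessId
    if ($svc.StartName -in $systemNames -and $byPid.ContainsKey($key)) {
        # Services sharing one host process (svchost.exe) share a PID, so a
        # port is attributed to every service in that process, not to one.
        $shared = @($services | Where-Object { $_.ProcessId -eq $svc.ProcessId }).Count
        [pscustomobject]@{
            Service       = $svc.Name
            Account       = $svc.StartName
            ProcessId     = $svc.ProcessId
            SharedProcess = ($shared -gt 1)
            Ports         = ($byPid[$key] | Sort-Object -Unique) -join ','
            Path          = $svc.PathName
        }
    }
}

if ($report) {
    $report | Sort-Object Service | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No running LocalSystem service owns a non-loopback listening TCP socket.'
}
```

Each row is a candidate for moving to a dedicated low-privilege service account, or for confirming why the service needs LocalSystem.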