| Registry Tip #6: Allow Server Operators to use AT command |
Hits: Failed to execute CGI : Win32 Error Code = 3
|
On a Domain Controller, the server operator accounts must be added to the Server Operators group. On a member server or a stand-alone server, they must be added to the local Administrators group. There is no way to allow anyone not in such powerful groups to issue AT commands. Scheduled tasks are run in the security context of the Schedule service which often is allowed to execute as SYSTEM. Adding users to such powerful groups is NOT recommended. Third-party products are better approach if they do not also run as operating system powerful account.
A must have for NT administrators in corporate or governmental organizations or anyone being audited by a large outside audit firm.
It is not a secrets type guide but it has excellent sound advice and its used by PriceWaterhouse's auditors as a guide.
|
|