Posted by louis on 09/28/07 14:45
Question about security best practice.
Several best practices articles recommend removing Builtin/administrator
from the sysadmin group. One side effect is that
several third party utilities will try to log in as "nt authority\system".
E.g. fulltext will attempt nt authority\system -- however
fulltext can be configured to use a domain account. Our commvault
tape backup attempts to do "live backups" using nt authority\system.
Googling suggests that various viruses have attempted to exploit nt
authority\system. A government cookbook says you can log on as
localsystem by using the ATScheduler.
Given all this -- I am leaning towards recommending that Nt Authority\system
should only be given data-reader rights, if any rights at
all. Please let me know what you think.
- Louis
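
An added example, not part of the original post: a T-SQL audit for the two principals the question is about, showing who currently holds sysadmin and which database roles NT AUTHORITY\SYSTEM has in the current database. It assumes SQL Server 2005 or later (catalog views) and matches the accounts by their well-known Windows SIDs rather than by name, so it also works on localized or case-sensitive servers.

```sql
-- Added example: audit sysadmin membership and the rights of NT AUTHORITY\SYSTEM.
-- Well-known SIDs (fixed by Windows, not specific to any one server):
--   S-1-5-32-544  BUILTIN\Administrators  = 0x01020000000000052000000020020000
--   S-1-5-18      NT AUTHORITY\SYSTEM     = 0x010100000000000512000000

-- 1) Every member of the sysadmin fixed server role, flagging the two
--    principals discussed in the post.
SELECT  p.name       AS login_name,
        p.type_desc  AS login_type,
        p.is_disabled,
        CASE p.sid
            WHEN 0x01020000000000052000000020020000 THEN 'BUILTIN\Administrators'
            WHEN 0x010100000000000512000000         THEN 'NT AUTHORITY\SYSTEM'
            ELSE ''
        END          AS well_known_principal
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS p ON p.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY p.name;

-- 2) Database roles held by NT AUTHORITY\SYSTEM in the current database.
--    Run in each database of interest. While the login is still a sysadmin
--    member it connects as dbo everywhere, so these role memberships only
--    become the effective limit once sysadmin has been removed.
SELECT  DB_NAME()    AS database_name,
        u.name       AS database_user,
        dr.name      AS database_role   -- NULL = user exists but has no role
FROM    sys.database_principals        AS u
LEFT JOIN sys.database_role_members    AS m  ON m.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals      AS dr ON dr.principal_id = m.role_principal_id
WHERE   u.sid = 0x010100000000000512000000;
```

Running the first query before and after any change gives a record of exactly which logins lost sysadmin, which helps when tracing a third-party utility that then fails to connect.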