G
Guest
using win xp pro sp2. this is my idea, in a nutshell. i've created an
account, in the Users group, say Internet, and provided instructions within
the Guest account to do the following:
1.) run an instance of the Command Prompt as the Internet user (the
instructions in the Guest account provide the username and password for the
Internet account)
2.) run "c:\documents and settings\all users\application
data\microsoft\network\connections\pbk\rasphone.pbk"
this pops up a window, allowing the user to connect to the internet via
dial-up networking. now there are obviously security risks involved with
this process, and that is what i am here for. first of all, this enables the
user to also create a new dial-up connection. is there a way to disable
this? (should users in the Users group even be allowed to create new dial-up
connections?) i have already removed the Internet user from the "welcome
screen". secondly, on to file permissions. i have denied the Internet user
full access to "C:\Program Files", and read-only access to their home
directory (c:\docume~1\internet) and they are automatically denied access to
the rest of c:\docume~1\*. i was hoping to be able to deny full access to
C:\WINDOWS, but i soon found out this was not possible if i wanted to run
this rasphone.pbk. so i was hoping we could figure out which
files/directories within C:\WINDOWS i would need to grant access in order to
use JUST this rasphone.pbk. i think WINDOWS\system32\services.exe and
WINDOWS\system32\rasphone.exe are at least needed, because i was receiving
failure audits for these when trying to run rasphone.pbk. i notice there are
a lot of files WINDOWS\system32\ras* as well as a directory
WINDOWS\system32\ras\ that are also probably related. i tried granting
"Traverse Folder/Execute File" & "List Folder/Read Data" rights for the
following:
- the directory C:\WINDOWS
- the directory C:\WINDOWS\system32\
- the directory C:\WINDOWS\system32\ras\
- the files C:\WINDOWS\system32\ras*
but still getting an "access is denied" when trying to run the rasphone.pbk.
i'm not sure if i need to be granting more rights to these files, or (more)
rights to more files within WINDOWS\, or what. but, i am really excited
about this! if we can figure out what needs to be granted access to and get
this working it would be an awesome hack! any input would be appreciated.
unfortunately, this computer is not readily available, so my replies will be
slow, but thanks in advance!
account, in the Users group, say Internet, and provided instructions within
the Guest account to do the following:
1.) run an instance of the Command Prompt as the Internet user (the
instructions in the Guest account provide the username and password for the
Internet account)
2.) run "c:\documents and settings\all users\application
data\microsoft\network\connections\pbk\rasphone.pbk"
this pops up a window, allowing the user to connect to the internet via
dial-up networking. now there are obviously security risks involved with
this process, and that is what i am here for. first of all, this enables the
user to also create a new dial-up connection. is there a way to disable
this? (should users in the Users group even be allowed to create new dial-up
connections?) i have already removed the Internet user from the "welcome
screen". secondly, on to file permissions. i have denied the Internet user
full access to "C:\Program Files", and read-only access to their home
directory (c:\docume~1\internet) and they are automatically denied access to
the rest of c:\docume~1\*. i was hoping to be able to deny full access to
C:\WINDOWS, but i soon found out this was not possible if i wanted to run
this rasphone.pbk. so i was hoping we could figure out which
files/directories within C:\WINDOWS i would need to grant access in order to
use JUST this rasphone.pbk. i think WINDOWS\system32\services.exe and
WINDOWS\system32\rasphone.exe are at least needed, because i was receiving
failure audits for these when trying to run rasphone.pbk. i notice there are
a lot of files WINDOWS\system32\ras* as well as a directory
WINDOWS\system32\ras\ that are also probably related. i tried granting
"Traverse Folder/Execute File" & "List Folder/Read Data" rights for the
following:
- the directory C:\WINDOWS
- the directory C:\WINDOWS\system32\
- the directory C:\WINDOWS\system32\ras\
- the files C:\WINDOWS\system32\ras*
but still getting an "access is denied" when trying to run the rasphone.pbk.
i'm not sure if i need to be granting more rights to these files, or (more)
rights to more files within WINDOWS\, or what. but, i am really excited
about this! if we can figure out what needs to be granted access to and get
this working it would be an awesome hack! any input would be appreciated.
unfortunately, this computer is not readily available, so my replies will be
slow, but thanks in advance!