Customer noticed that the Ghost Solution Suite installer set the executable file permissions below to Authenticated Users have Full Control and believes this is unsecure. Customer was wondering if they could change them to “Read & execute” without breaking Ghost Solution Suite? 

Path : c:\program files (x86)\altiris\express\deployment server\axengine.exe
Used by services : Altiris eXpress Server
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\dbmanager.exe
Used by services : Altiris Deployment Server DB Management
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\pxe\pxecfgservice.exe
Used by services : Altiris PXE Config Helper
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\pxe\pxemgr.exe
Used by services : Altiris PXE Manager
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\pxe\pxemtftp.exe
Used by services : Altiris PXE MTFTP Server
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\pxe\pxeservice.exe
Used by services : Altiris PXE Server
File write allowed for groups : Authenticated Users (S-1-5-11)

Release: 3.3

Removing Full Control and Write from the .exe's for GSS will not hurt the product. 

NOTE: We write logs to this area, we cannot change the permissions on the folder. Each .exe will need to be modified individually.