Unsecure executable file permissions in GSS
search cancel

Unsecure executable file permissions in GSS

book

Article ID: 259823

calendar_today

Updated On:

Products

Ghost Solution Suite

Issue/Introduction

Customer noticed that the Ghost Solution Suite installer set the executable file permissions below to Authenticated Users have Full Control and believes this is unsecure. Customer was wondering if they could change them to “Read & execute” without breaking Ghost Solution Suite? 

Path : c:\program files (x86)\altiris\express\deployment server\axengine.exe
Used by services : Altiris eXpress Server
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\dbmanager.exe
Used by services : Altiris Deployment Server DB Management
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\pxe\pxecfgservice.exe
Used by services : Altiris PXE Config Helper
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\pxe\pxemgr.exe
Used by services : Altiris PXE Manager
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\pxe\pxemtftp.exe
Used by services : Altiris PXE MTFTP Server
File write allowed for groups : Authenticated Users (S-1-5-11)

Path : c:\program files (x86)\altiris\express\deployment server\pxe\pxeservice.exe
Used by services : Altiris PXE Server
File write allowed for groups : Authenticated Users (S-1-5-11)

Environment

Release: 3.3

Resolution

Removing Full Control and Write from the .exe's for GSS will not hurt the product. 

NOTE: We write logs to this area, we cannot change the permissions on the folder. Each .exe will need to be modified individually.