Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


XP Permissions

  • Please log in to reply
2 replies to this topic

#1 mrne72


  • Members
  • 15 posts
  • Local time:01:00 PM

Posted 01 December 2004 - 04:52 PM

Hello again :flowers:
I had recently posted a question concerning user accounts on XP. I got help looking for them, and found everything looked normal. However, I had downloaded Process Explorer from Sysinternals.com ( for those who haven't heard of them, and need info on what tool I'm using). It has different options when you highlight entries in the lower pane. One of these is simply properties, and it shows two tabs, Details and Security.
When I click the Security tab, it shows users and their permissions. On way too many of these I've been finding "Everyone" as a user and then permissions such as Delete, Synchronize, Query State, Modify State and Special Permissions. This wouldn't worry me, except that Mcafee Firewall has intercepted three "SYN Port Scan Attacks this morning, and stopped numerous UDP and TCP packets both incoming and outgoing. And when I ran a neotrace on the IP adress (, it came from up in Canada. Info on it:

Registrant-no:  15771                                             
Domaine-no:     414718                                            
Subdomain:      sympatico.ca                                      
Renewal-Date:   2008/10/13                                        
Date-Approved:  2000/10/02                                        
Date-Modified:  2003/12/04                                        
Organization:   Bell Canada                                       
Description:    Bell Canada, the largest Canadian telecommunicationsoperating company, markets a full range of state-of-the-artproducts and services to more than six million businessand residential customers in Quebec, Ontario and parts ofthe Northwest Territories.ATTENTION    To report any alleged illegal use forward email to abuse@sympatico.ca
Admin-Name:     Van Tu Duong                                      
Admin-Title:    Domain Names & Trade-marks Manager                
Admin-Postal:   1000 de La Gauchetiere West  4100                 
                Montreal QC H3B 5H8 Canada                        
Admin-Phone:    1 514 7869356                                     
Admin-Fax:      1 514 8704833                                     
Admin-Mailbox:  trademarks@bell.ca                                
Tech-Name:      DNS Administrator                                 
Tech-Title:     IS/IT Utility Support                             
Tech-Postal:    Bell Canada                                       
                110 O'Connor Street                               
                Ottawa ON K1P 1H1 Canada                          
Tech-Phone:     1 800 5650567                                     
Tech-Fax:       1 514 8704833                                     
Tech-Mailbox:   dns-admin@bellglobal.com                          
NS1-Hostname:   dns1.sympatico.ca                                 
NS2-Hostname:   dns2.sympatico.ca                                 
NS3-Hostname:   ns5.bellnexxia.net                                
NS4-Hostname:   ns6.bellnexxia.net                                

I know this isn't the place for looking for help on every little security problem that arises, the main thing I was looking for help was just that "Everyone" entry. I just wanted to offer up the info in hopes it would help identify possible future threats to users security.
Thanks again for this service, it helps very much. :thumbsup:

BC AdBot (Login to Remove)


#2 phawgg


    Learning Daily

  • Members
  • 4,543 posts
  • Location:Washington State, USA
  • Local time:09:00 AM

Posted 02 December 2004 - 02:06 AM

I use the process explorer, mrne72. Very nice tool, I might add. User group accounts in winXP is also a feature I've had problems with, so naturally I've had to gain some experience in trial & error/otherwise. It's late, I'm tired now... but I'll do some checkin' on the question you ask tomorrow. Thank you for the interest in problems that may pose answers to questions for other users. :thumbsup:

Edited by phawgg, 02 December 2004 - 02:06 AM.

patiently patrolling, plenty of persisant pests n' problems ...

#3 phawgg


    Learning Daily

  • Members
  • 4,543 posts
  • Location:Washington State, USA
  • Local time:09:00 AM

Posted 03 December 2004 - 01:31 AM

Posted Image

The fact that the icon has 2 little heads is synonymous with the icons for the administrator's group. Individual users, guest & those without system-wide privileges have only one. So, in the case of running processes like svhost.exe in the example above, it is indicating everyone in the admin group & system itself. I think. There is more than meets the eye in this line of inquiry, no doubt. Let's explore the process explorer... once again, it's near the end of the day for me. It'll be here tomorrow. :thumbsup:
patiently patrolling, plenty of persisant pests n' problems ...

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users