NTFS Permissions - SYSTEM


Solution 1

Most Windows services run under the SYSTEM account. Windows Search Indexer, for example, runs under the Local System account. If the LocalSystem account cannot access your files, they will not be indexed or found via Windows Search.

There could be other side-effects, mostly related to the fact that many services (including third-party ones) are built with the assumption that user files are accessible to the system account.

So, in theory you can remove these permissions, but in practice you need a really good reason to do so.

Solution 2

If the directory gives access to Administrators, then it is not necessary to give access to SYSTEM. Any access token including SYSTEM will also have Administrators.
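
A read-only way to check what the two answers describe, added here as an example (it is not part of either answer): the function inspects a path's DACL for Allow and Deny ACEs on SYSTEM and Administrators. The name `Test-SystemAccess` and the verdict strings are assumptions made for illustration; the check reads ACEs only and does not compute full effective access.

```powershell
# Added example: does the DACL on a path let services running as SYSTEM read it?
# Well-known SIDs are used instead of account names so the check also works on localized Windows.
function Test-SystemAccess {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Path)
    begin {
        $sidSystem   = 'S-1-5-18'        # NT AUTHORITY\SYSTEM (LocalSystem)
        $sidAdmins   = 'S-1-5-32-544'    # BUILTIN\Administrators
        $read        = [int][System.Security.AccessControl.FileSystemRights]::Read
        $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    }
    process {
        $acl = Get-Acl -LiteralPath $Path
        # Resolve every ACE to a SID; skip inherit-only ACEs, which apply to children and not to $Path.
        $rules = @($acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object { ([int]$_.PropagationFlags -band $inheritOnly) -eq 0 })

        # An Allow ACE counts only if it grants every Read bit.
        $allows = { param($sid) @($rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $read) -eq $read }).Count -gt 0 }
        # A Deny ACE counts if it removes any Read bit (ACE ordering is not modelled).
        $denied = @($rules | Where-Object {
            ($_.IdentityReference.Value -in ($sidSystem, $sidAdmins)) -and
            $_.AccessControlType -eq 'Deny' -and
            ([int]$_.FileSystemRights -band $read) -ne 0 }).Count -gt 0

        $systemAce = & $allows $sidSystem
        $adminsAce = & $allows $sidAdmins
        $verdict = if ($denied)        { 'Deny ACE blocks read for SYSTEM' }
                   elseif ($systemAce) { 'SYSTEM has its own Allow ACE' }
                   elseif ($adminsAce) { 'No SYSTEM ACE; read comes only via the Administrators ACE (Solution 2)' }
                   else                { 'No read ACE for SYSTEM: services such as the Search indexer cannot read this path' }

        [pscustomobject]@{
            Path          = $Path
            SystemAllow   = $systemAce
            AdminsAllow   = $adminsAce
            DenyRead      = $denied
            ProtectedDacl = $acl.AreAccessRulesProtected   # True when inheritance is disabled
            Verdict       = $verdict
        }
    }
}

# Usage: audit the top-level folders of the current user's profile.
Get-ChildItem -LiteralPath $env:USERPROFILE -Directory |
    ForEach-Object { Test-SystemAccess -Path $_.FullName } |
    Format-Table -AutoSize
```

Rows whose verdict reports no read ACE for SYSTEM are the folders where indexing by services running as SYSTEM would stop working, as Solution 1 describes.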


Author: Marcos Bontempo

Updated on September 18, 2022

Comments

  • Marcos Bontempo
    Marcos Bontempo over 1 year

    I'm using the FIPS 140-2 module with OpenSSL (https://openssl.org/docs/fips/UserGuide-2.0.pdf). I'm programming an application that only gets the FIPS mode.

    Here is my Makefile:

    TOOLCHAIN:=/home/marcos/work/nitere/gcc-linaro-arm-linux-gnueabihf-4.9-2014.09_linux/bin:$PATH
    CROSS_COMPILE:=arm-linux-gnueabihf-
    
    OPENSSLDIR = /usr/local/ssl
    INCLUDES = -I$(OPENSSLDIR)/include -I$(OPENSSLDIR)/fips-2.0/include
    LIBS= -lcrypto
    
    PATH:=${TOOLCHAIN}:${PATH}
    
    all:
        ${CROSS_COMPILE}gcc fipsctl.c -o fipsctl $(INCLUDES) $(LIBS)
    
    clean:
        rm -Rf *.o fipsctl
    

    And here is my code:

    #include <openssl/crypto.h>
    #include <stdio.h>

    int main(void)
    {
        /* FIPS_mode() returns 0 when FIPS mode is off. */
        int mode = FIPS_mode();
        if(mode == 0)
        {
            printf("*** FIPS module is disabled. ***\n");
        }
        if(mode == 1)
        {
            printf("*** FIPS module is enabled. ***\n");
        }
        return 0;
    }
    

    When I try to cross-compile, I get this error:

    marcos@marcos-X450LD:~/work/nitere/app/nitere$ make
    arm-linux-gnueabihf-gcc fipsctl.c -o fipsctl -I/usr/local/ssl/include -I/usr/local/ssl/fips-2.0/include -Lcrypto
    /tmp/ccSQhRme.o: In function `main':
    fipsctl.c:(.text+0x1a): undefined reference to `FIPS_mode'
    collect2: error: ld returned 1 exit status
    make: *** [all] Error 1
    

    Does anybody know why I'm getting this error?

    Any tip will be very helpful, Thanks.

    • jww
      jww over 8 years
      I believe you need to build/install the FIPS Object Module. That's the *-fips-* download. For example, openssl-fips-2.0.11.tar.gz.
    • dave_thompson_085
      dave_thompson_085 over 8 years
      Your makefile shows -lcrypto lowercase-ell but your log shows -Lcrypto uppercase-ell; which is it? If you actually have uppercase in your makefile, that's wrong. @jww: apps don't call the FIPS module directly, only through the 'FIPS capable' OpenSSL library. If FIPS_mode did link but on execution returned false, that could be a missing FIPS module.
    • Marcos Bontempo
      Marcos Bontempo over 8 years
      Thanks for the answers! I installed the FIPS object module and OpenSSL using ./config fips. Did I forget to include some parameter? Is there a way to check if my OpenSSL installation supports FIPS 140-2?
  • bwDraco
    bwDraco over 12 years
    FYI: Norton Internet Security uses the SYSTEM account as well. If you use NIS, it will not be able to scan any files in folders which the Local System account cannot access.
  • Psycogeek
    Psycogeek over 12 years
    general installation? depending on the OS. I am thinking nothing good could come of it, but it would be fun to try :-)
  • CristiFati
    CristiFati over 7 years