OSE Administration Pages are Available to Everyone by Default (250938)
The information in this article applies to:
- Microsoft Office 2000 Server Extensions
This article was previously published under Q250938 SYMPTOMS
When you install the Office 2000 Server Extensions on a computer running Windows 2000 (build 2052 or later), the local everyone group has full control of the Office Server Extensions Administration Pages and the Scripts1\1033 directory by default.
NOTE: The Office Server Extension Administration Pages can be found at http://<ServerName>/msoffice/msoadmin/ by default (where <ServerName> is the name of your OSE Web Server).
CAUSE
Windows 2000 defaults to having child directories inherit all of the access control list (ACL) settings of their parent directories. In the recent builds of Windows 2000 (2052 and later), this appears to be enforced. Therefore, the Admin directory is getting the ACLs of the less-restricted Msoffice virtual root, which grants read access to the everyone group by default.
Furthermore, the Scripts1\1033 directory also inherits the ACLs of its parent. While the security settings usually only give to everyone ACL read-access to the 1033 directory, it now inherits an Everyone Full Control ACL (which gets propagated down to the Msoadmin directory). Thus, everyone has full control over all of the files in the above-mentioned directories.
RESOLUTION
To resolve this problem, obtain Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a).
To obtain SR-1/SR-1a, click the
article number below to view the article in the Microsoft Knowledge Base:
245025 OFF2000: How
to Obtain and Install Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a)
STATUSMicrosoft has confirmed that this is a problem in Microsoft Office 2000 Server Extensions.
This problem was corrected in Microsoft Office 2000 SR-1/SR-1a.
Modification Type: | Major | Last Reviewed: | 9/3/2002 |
---|
Keywords: | kbbug KB250938 |
---|
|