From: Thees Peereboom 

Rich,

On a completely different note, I've got a securityproblem which I seem
unable to solve. I've posted about this before, but sofar no luck.

This machine is part of an NT4 domain, users and groups are maintained on
that domain. For some time now whenever I try to change the
securitysettings on this machine (other machines in the domain work fine) I
get the following error:

(leftclick on file, choose properties, go to the securitytab and choose add)

'Cannot open the dialogue for userselection (null)'

which leaves me unable to add or change any rights.

I'd really appreciate at least a direction to search, since I have not been
able even to find this error in the docs.

TIA,

- Thees Peereboom


On Wed, 27 Nov 2002 18:37:40 -0800, "Rich"  wrote:

>   I don't see any backing down.  Microsoft does make choices that affect
backward compatibility but all such choices are scrutinized.  If the compat
problems are due to app bugs work arounds, often specific to one app, are
implemented.  Quite a bit of effort is made to keep existing apps from
third parties working.  Sometimes changes are made in documented or default
behavior, and don't believe that simply changing system defaults doesn't
have compat problems.  These are documented and often configurable by
admins or users depending on the scope of the setting.  I suspect there are
more settings changes that API behavior changes.  John O encountered one in
Windows XP Home Edition.  By default network access is authenticated as the
guest account to limit the ability of someone to attack a system remotely
and do dammage.  It allows a local user to have no password and not open
the system to attack using that user's account.  How did this bite John? 
He disabled the guest account.
>This is a fine example of breaking existing behavior to gain greater security.
>
>Rich
>
>  "Geo."  wrote in message
news:3de56764$1{at}w3.nls.net...
>  "Rich"  wrote in message news:3de42e03{at}w3.nls.net...
>   >>  It's more complicated.<<
>
>  I don't doubt it, I just find it funny that right after Craig Mundie made
>  his "break the apps for security" statements along comes a
security issue
>  and he's forced to back down from the hardline stance.
>
>  FWIW, I don't think it's microsoft's place to force patches on people as Mr
>  Mundie seems to think, there are other much better ways for MS to make NT a
>  whole lot more secure. Really simple things like random directory names
>  (instead of \winnt use \winnt+installdate) and stuff that won't break apps
>  but will break 90% of the hacks.
>
>  Look at how many hacks have been foiled by the IE temp files directory
>  names. Such a simple thing to do and it blocked countless exploits that
>  never became a reality because the files couldn't be located easily.
>
>  Geo.

--- BBBS/NT v4.01 Flag-4