tor 2009-10-08 klockan 20:29 +0200 skrev Stefan Dengscherz: > As you can see squid basically "fingers" the currently logged on user > from the registry using winexe (http://eol.ovh.org/winexe/). Keep in > mind this is rather a hack rather than a real authentication - it > won't even deny unknown users (and every local machine admin can > impersonate other users by changing the registry key)! Still, it does > the job for me very well and better than clumbsy authentication > against the AD via NTLM/Kerberos/LDAP. Wow, that winexe tool does a really nasty thing. But quite obvious way to do what it's designed for when you think about it... I surely hope it places sufficient access restrictions on the "ahexe" named pipe it sets up on the called client stations.. Running things in SYSTEM context gives you a whole lot more powers than a normal Administrator. Would be much more comfortable if a remote registry access was being done ala regedit than remote execution of commands in SYSTEM privilege.. Regards Henrik
