Invention Grant
- Patent Title: System for protecting domain system configurations from users with local privilege rights
- Patent Title (中): 具有本地特权权限的用户保护域系统配置的系统
-
Application No.: US10710491Application Date: 2004-07-15
-
Publication No.: US08060937B2Publication Date: 2011-11-15
- Inventor: Nicholas M. Carroll
- Applicant: Nicholas M. Carroll
- Applicant Address: US CA Los Angeles
- Assignee: Lieberman Software Corporation
- Current Assignee: Lieberman Software Corporation
- Current Assignee Address: US CA Los Angeles
- Agency: Patent Venture Group
- Agent Raymond E. Roberts
- Main IPC: G06F21/00
- IPC: G06F21/00 ; G06F21/24 ; G06F7/04
Abstract:
A group change lockout system for protecting the configuration of a securable object in an operating system from members of a locally privileged group, such as the local administrators group, when a security descriptor exists for the securable object that includes a discretionary access control list (DACL). A copy of the security descriptor is made. Then a new access control entry (ACE) is added to the DACL in the copy. This new ACE specifies denying the local administrators group an access right to the securable object. Then the security descriptor in the operating system is overwritten with the copy.
Public/Granted literature
- US20060015741A1 System for protecting domain system configurations from users with local privilege rights Public/Granted day:2006-01-19
Information query
