AT Command Must Be Admin Only (59523)


The information in this article applies to:

  • Microsoft LAN Manager 2.0
This article was previously published under Q59523

SUMMARY

The SCHED.LOG file of an OS/2 LAN Manager version 2.0 server should have a default permission level of "ADMINS:RWCDAXP" when created. This limits the use of the AT command to users with Admin privileges.

MORE INFORMATION

An administrator can change this privilege level to allow users who do not have administrative privileges to use the AT command. However, this should never be done on any system where security is an issue. All commands that are run by the AT command are executed with Admin privilege, not the privilege level of the user. This can create a security hole in an otherwise secure system.

Microsoft has confirmed this to be a problem in LAN Manager version 2.0. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.
Modification Type:MajorLast Reviewed:9/30/2003
Keywords:KB59523
©2003 Microsoft Corporation. All rights reserved.