0

Okay, I'll be totally honest, I was at school on the PCs (that run Windows 7) and I was looking for an installer for some software that school uses as there are quite a few security exploits and back doors in the system which have allowed me to get such things before. Anyway, in doing so I noticed that from a mapped network drive with pupil's resources on I could get back to the root of the drive where the folder that was mapped is placed.

On that drive are also folders for each user that contain their user profile. Now, I have noticed that a select few folders have the Sync icon in the bottom right hand corner of the folder icon, and these folders are accessible to anyone, whereas the others require permissions to view. My friend and I were going to test it out if we could access each other's account folders, but unfortunately (or fortunately as the case may be) our folders can not be accessed by other user's, even when we're logged on and we wasn't going to play with other people's data (we're doing this for the school's benefit, not ours). However, I'm assuming that you can not only view the folder, but also modify it, which is a definite security breach.

So, my question is: does anyone know a feasible explanation for this? I feel it necessary to tell someone about this discovery but I don't want it to seem as though I stumbled upon it because I was purposely trying to hack the system or anything. Therefore, I was think that I could claim that I had read or gained the knowledge that poor configuration or whatever can lead to this problem, and maybe even provide a solution etc.

Please don't lecture me on the reason behind me asking this question, and remember that I am not doing this for personal gain. I thank you in advance, and if anybody needs any more information or clarification please don't hesitate to ask.

PS I think that the school uses Windows 7 Professional to be precise.

Improve this question
1
  • I'm not sure if this is the equivilent of a bump or if I'm supposed to do this, but if anybody is reading: I would really appreciate some help as soon as possible, preferably before 9 tonight (UTC)! Even if you can't garuntee the case or just have a suspicion etc., please still try to answer me. Thanks in advance
    – Andy
    Commented Jan 26, 2012 at 16:31

1 Answer 1

Reset to default
0

Okay, I had to tell someone about this security issue I have identified today any without information back up knowledge. Luckily, I am fairly well respected at school and most people (including the technician) are aware of my extensive IT knowledge, so I was suspected of anything etc...

So, I'll just fill you in and hopefully it may help some one as I am assuming nobody on SuperUser knew the answer. Basically, the technician just said that "the permissions needed changing" on the account folders that we're accessible, obviously because I'm only a pupil I couldn't really enquire further, however I do suspect it had something to do with the Sync Center due to the icon that appeared in the bottom right of the folder icon.

Though, I am going to read up about Windows 7 with accounts on a server as I am not familiar with the set up so I can't be sure that the problem is to do with Syncing. Therefore, if anybody can fill me in anywhere please still be my guest as I'd still really like to know the full answer!

With thanks and kind regards.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .