The reason I make a gripe list is because I believe there is a balance between necessary security and functionality. We all know vendors make bad architectural decisions with their applications, and sometimes utopian security concepts cause more grief than reduction of support costs and real-world security. I have been scripting in some secure environments and I'd like to see what policies have caused you grief. Here is my list of top security configurations that have caused me fun.


Windows Installer's DisableBrowse has caused upgrades using different source paths and REINSTALL=ALL to fail.

Restricting access to the security event log will prevent Windows Installer 3.1 from installing.

Locking down access to HKCR for end users causes huge amounts of scripting overhead finding all the registry keys that need to be opened up so the app will work. Maybe it is the apps I work with, but you'd be surprised how many apps need to manipulate this hive.

Enabling cab signing is more of a pain in the ______. Apps that do not allow you to make an administrative installation but use many cab files require some jumping through hoops to sign all the cabs.

Answers

0
Found a new one. Not allowing users to have the right to create global objects will break a few applications. Most notably Oracle 10 and Exceed 11.
Answered 09/05/2006 by: kkaminsk
Ninth Degree Black Belt

0
ORIGINAL: kkaminsk

Found a new one. Not allowing users to have the right to create global objects will break a few applications. Most notably Oracle 10 and Exceed 11.


Add CICS to that list...
Answered 09/05/2006 by: revizor
Third Degree Blue Belt
