I've discovered a nasty problem. A departed developer added a user that is strictly for COM objects to the Enterprise admins group to skirt permissions issues. I have to resolve this before putting the app into production, but I'm out of ideas for setting proper permissions.
I've isolated the process id that is running under the security context of that user, and enumerated every .dll and .exe that is involved in the process. I've reset permissions to the proper files, and reset permissions on appropriate registry keys. Still, every time that I remove the user from the Enterprise admins group, the app crashes for security reasons.
I'm pretty much at an impasse on this. I cannot let this app go into production with a gaping security hole but I cannot isolate the missing piece to the permissions puzzle. Does anyone have any ideas for isolating this?
I've isolated the process id that is running under the security context of that user, and enumerated every .dll and .exe that is involved in the process. I've reset permissions to the proper files, and reset permissions on appropriate registry keys. Still, every time that I remove the user from the Enterprise admins group, the app crashes for security reasons.
I'm pretty much at an impasse on this. I cannot let this app go into production with a gaping security hole but I cannot isolate the missing piece to the permissions puzzle. Does anyone have any ideas for isolating this?
