`Date: Tue, 23 Mar 1999 23:40:55 -0000
From: Mnemonix <mnemonix@GLOBALNET.CO.UK>
Subject: Index Server 2.0 and the Registry
When Microsoft's Index Server 2.0 is installed on NT 4 with
Internet Information Server 4 it opens a new "AllowedPath"
into the Windows NT Registry.
Administrators can control who can access the Windows NT
Registry via the network by editing permissions on the
Winreg key found under
By default, on NT Server 4, the permissions on this key are
set to Administrators with Full Control. No-one else should
have access (although it doesn't really work out like this in
the end.) There are certain paths through the Registry that
remote users, whether they are Administrators are not, may
access. These are listed in the AllowedPaths subkey found
under the Winreg key. These paths are to allow basic network
operations such as printing etc to continue as normal.
Index Server 2.0 creates a new "AllowedPath":
meaning that anyone with an local or domain account for that
machine, including Guests, are able to discover the physical
path to directories being indexed or if a directory found in a
network share is being index they can learn the name of the
machine on which the share resides and the name of the user
account used to access that share on behalf of Index and
Internet Information Server. Permissions on the above key and
its sub-key give Everyone read access.
Note that regedit and regedt32 can not be used to access this
information. Tools such as reg.exe or home-baked efforts must
In most cases this issue represents a mild risk, but one worth
noting and resolving by removing if this adversely affects you
and your security policy.