COMMAND

SMS

SYSTEMS AFFECTED

SMS 2.0 Remote Control

PROBLEM

Frank Monroe found the following. He noticed the problem he explains below when SMS 2.0 was released. One of the features of SMS 2.0, Remote Control, introduces a security risk that allows an attacker to run programs in system context. In system context, the program can do pretty much whatever it wants to. The risk is due to the fact that the executable used for the remote control service is copied to the workstation without any special permission settings to prevent a user from replacing the executable. This only matters where NTFS permissions are in use, of course. Here is an easy way to see the problem:

* Rename %SMS_LOCAL_DIR%\MS\SMS\CLICOMP\REMCTRL\WUSER32.EXE to *.OLD
* Copy %SystemRoot%\System32\musrmgr.exe to %SMS_LOCAL_DIR%\MS\SMS\CLICOMP\REMCTRL\WUSER32.EXE
* Reboot PC

After you reboot the PC, User Manager will run. At this point, the non-admin user can grant administrator privileges to whoever he wants.

SOLUTION

To get around the issue, create the \ms\sms\clicomp\remctrl directory and set appropriate permissions on the directory before SMS is installed. If SMS is already installed, you can simply change the permissions on the directory and its contents. Hopefully MS will decide to fix this in the next SMS 2.0 SP.
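
To check whether the permissions on the directory and its contents are tight enough, the following added example (not part of the original advisory, and not Microsoft's code) lists every access rule that would let someone other than Administrators or SYSTEM replace a file there. It assumes a host where PowerShell is available; the function name Get-ReplaceableAce and the trusted SID list are assumptions made for illustration.

```powershell
# Added example (not from the advisory). Lists ACEs under the Remote Control
# directory that let a principal other than Administrators or SYSTEM replace files.
function Get-ReplaceableAce {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        # Assumption: only these well-known SIDs should hold write-type access.
        [string[]] $TrustedSid = @('S-1-5-32-544', 'S-1-5-18')   # Administrators, SYSTEM
    )

    # Rights that permit renaming, overwriting or re-ACLing a file.
    $rights = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask = [int][System.Security.AccessControl.FileSystemRights]$rights
    # Generic rights can appear unmapped on inherit-only ACEs.
    $mask = $mask -bor 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($TrustedSid -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Directory named in the advisory; SMS_LOCAL_DIR is the variable it uses.
if ($env:SMS_LOCAL_DIR) {
    $dir = Join-Path $env:SMS_LOCAL_DIR 'MS\SMS\CLICOMP\REMCTRL'
    if (Test-Path -LiteralPath $dir) {
        Get-ReplaceableAce -Path $dir | Format-Table -AutoSize
    }
}
```

An empty result means no rule outside the trusted list grants write, delete or permission-change access; any row returned names a file or directory whose permissions still need changing.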