DATE: COMMAND SOURCE: AUTHOR: delete SYSTEMS AFFECTED Win NT Server 3.5, 3.51, and 4.0 PROBLEM According to MS KB Article ID: Q142017 if a domain user logs on at the server console, creates a file, and then removes all permissions from the file, no one except that user should be able to manipulate or delete that file. However, another domain user can log on at the server console and delete the file, even though the user does not have permission to do so. UserA and UserB are domain users only. They have permission to log on locally, and there is a directory on the server called Testdir. Everyone has full control of the directory. UserA logs on and creates a file called My.txt in the Testdir directory. She then removes all permissions from the file. A message appears to tell her that because she removed all permissions, no one except her will be able to do anything with the file. UserA logs off and UserB logs on. He sees My.txt in the Testdir directory. All the security options in File Manager are greyed out with regard to My.txt. He is unable to change permissions on the file or take ownership of the file. This is expected behavior. If he tries to rename the file, open it in Notepad, or type it out at a prompt, he gets an Access Denied message. However, he can delete the file with no problem. EXPLOIT SOLUTION Nothing for now.