COMMAND

    startup folder

SYSTEMS AFFECTED

    Win2k

PROBLEM

    Frank Monroe found following.   He noticed a problem with  Windows
    2000 that makes  it easy for  one user to  introduce a trojan  for
    the next  user who  logs on  to the  PC.   Normally, the All Users
    profile  is  denied  write  access  by  all  but  members  of  the
    Administrators  and  SYSTEM  groups.   However,  if you build your
    Windows  2000  system  using  an  unattended  answer  file and you
    specify the  OEMPreinstall option,  the installation  process does
    not secure that  directory.  It  also does not  secure the Default
    User directory or mark it hidden.

SOLUTION

    The  problem  is  easy  to  work  around.   You  just  correct the
    permissions.