RE: local admin vs group policy and apps...

From: Benjamin D. Goldman (bgoldman_at_kipany.com)
Date: 01/14/05

    Date: Fri, 14 Jan 2005 14:23:03 -0500
    To: "Murad Talukdar" <talukdar_m@subway.com>, <focus-ms@securityfocus.com>
    
    

    A few points:

    1) If these apps are COM, you can set what they run as in the Component Services control panel. There is a procedure for this, so you have to look it up.
    2) If these are simple applications that need admin for remote file access or for data access, the pre-compiled app can be re-written to include login credentials, etc.

    -----Original Message-----
    From: Murad Talukdar [mailto:talukdar_m@subway.com]
    Sent: Thursday, January 13, 2005 10:11 PM
    To: focus-ms@securityfocus.com
    Subject: local admin vs group policy and apps...

    Hi,
    We have two apps (even calling them legacy seems to attribute some
    undeserved elegance to them) which must run at admin level to function
    properly. I am trying to find out whether the fact that users are allowed to
    be local admins, or even given the runas power to run the app can still be
    locked out of control panel etc through GPOs.

    I mean, if I let people runas then they know the admin password so can
    rescind any GP settings, can't they? How can I shut that possibility out?

    Yes I have asked for the possibility of the apps being recoded to function
    under power users but the development team are of the starving waif variety
    due to under resourcing...this consideration is not high on the list.

    Kind Regards
    Murad Talukdar
