Re: local admin vs group policy and apps...

From: Bruce K. Marshall (bkmlstsgohere_at_comcast.net)
Date: 01/18/05

  • Next message: Chris Harrington: "RE: PGP and Outlook" 
    To: "Murad Talukdar" <talukdar_m@subway.com>, <focus-ms@securityfocus.com>
Date: Tue, 18 Jan 2005 07:31:23 -0600

    Murad,

    I would recommend looking at the following tool, called the Elevated
    Privileges Application Launcher (epal), from Microsoft:

    http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/epal.mspx

    It should allow you to run your applications as a member of the
    Administrators without explicitly granting the end user the same privileges. 

    ----
Bruce K. Marshall - bmarshall@securityps.com - 913-484-7233
Security Professional Services, Inc. - Kansas City
----- Original Message ----- 
From: "Murad Talukdar" <talukdar_m@subway.com>
To: <>
Sent: Thursday, January 13, 2005 9:10 PM
Subject: local admin vs group policy and apps...
> Hi,
> We have two apps (even calling them legacy seems to attribute some
> undeserved elegance to them) which must run at admin level to function
> properly. I am trying to find out whether the fact that users are allowed 
> to
> be local admins, or even given the runas power to run the app can still be
> locked out of control panel etc through GPOs.
>
> I mean, if I let people runas then they know the admin password so can
> rescind any GP settings, can't they? How can I shut that possibility out?
>
> Yes I have asked for the possibility of then apps being recoded to 
> function
> under power users but the development team are of the starving waif 
> variety
> due to under resourcing...this consideration is not high on the list.
>
> Kind Regards
> Murad Talukdar 
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Chris Harrington: "RE: PGP and Outlook"

    Relevant Pages

    • RE: local admin vs group policy and apps...
      ... local admin vs group policy and apps... ... or even given the runas power to run the app can still be ... Yes I have asked for the possibility of then apps being recoded to function ... under power users but the development team are of the starving waif variety ...
      (Focus-Microsoft)
    • RE: local admin vs group policy and apps...
      ... local admin vs group policy and apps... ... > We have two apps (even calling them legacy seems to attribute some ... or even given the runas power to run the app can ...
      (Focus-Microsoft)
    • RE: How to block users from installing other apps
      ... How to block users from installing other apps ... and add their domain account to the local admin group. ...
      (Focus-Microsoft)
    • Re: Granting Domain Users Local Admin Rights
      ... environment how is giving Domain Users local admin rights insufficient? ... All users getting Local Admin privileges? ...
      (microsoft.public.windowsxp.security_admin)
    • RE: local admin vs group policy and apps...
      ... what every user needs access to--whether to modify or read etc. ... It also appears that as one of the apps is two programs 'married' together ... local admin vs group policy and apps... ... The gpo setting, prohibit access to the control panel, ...
      (Focus-Microsoft)