RE: local admin vs group policy and apps...

From: Robert Jandacek (
Date: 01/18/05

  • Next message: Danny: "Re: IIS6 on W2k3 DCs"
    Date: Tue, 18 Jan 2005 09:21:56 -0700
    To: "Bruce K. Marshall" <>, "Murad Talukdar" <>, <>

    The link is actually here:

    Robert Jandacek
    Horizon IT Dept.

    -----Original Message-----
    From: Bruce K. Marshall []
    Sent: Tuesday, January 18, 2005 6:31 AM
    To: Murad Talukdar;
    Subject: Re: local admin vs group policy and apps...


    I would recommend looking at the following tool, called the Elevated
    Privileges Application Launcher (epal), from Microsoft:

    It should allow you to run your applications as a member of the
    Administrators without explicitly granting the end user the same

    Bruce K. Marshall - - 913-484-7233
    Security Professional Services, Inc. - Kansas City
    ----- Original Message ----- 
    From: "Murad Talukdar" <>
    To: <>
    Sent: Thursday, January 13, 2005 9:10 PM
    Subject: local admin vs group policy and apps...
    > Hi,
    > We have two apps (even calling them legacy seems to attribute some
    > undeserved elegance to them) which must run at admin level to function
    > properly. I am trying to find out whether the fact that users are
    > to
    > be local admins, or even given the runas power to run the app can
    still be
    > locked out of control panel etc through GPOs.
    > I mean, if I let people runas then they know the admin password so can
    > rescind any GP settings, can't they? How can I shut that possibility
    > Yes I have asked for the possibility of then apps being recoded to 
    > function
    > under power users but the development team are of the starving waif 
    > variety
    > due to under resourcing...this consideration is not high on the list.
    > Kind Regards
    > Murad Talukdar 

  • Next message: Danny: "Re: IIS6 on W2k3 DCs"