RE: local admin vs group policy and apps...
From: Robert Jandacek (rjandacek_at_horizononline.com)
Date: 01/18/05
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: IIS6 on W2k3 DCs"
- Maybe in reply to: Murad Talukdar: "local admin vs group policy and apps..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 Jan 2005 09:21:56 -0700 To: "Bruce K. Marshall" <bkmlstsgohere@comcast.net>, "Murad Talukdar" <talukdar_m@subway.com>, <focus-ms@securityfocus.com>
The link is actually here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=
CF3CC921-9B8E-4266-A905-2E2A20217CE0
Robert Jandacek
Horizon IT Dept.
-----Original Message-----
From: Bruce K. Marshall [mailto:bkmlstsgohere@comcast.net]
Sent: Tuesday, January 18, 2005 6:31 AM
To: Murad Talukdar; focus-ms@securityfocus.com
Subject: Re: local admin vs group policy and apps...
Murad,
I would recommend looking at the following tool, called the Elevated
Privileges Application Launcher (epal), from Microsoft:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/e
pal.mspx
It should allow you to run your applications as a member of the
Administrators without explicitly granting the end user the same
privileges.
---- Bruce K. Marshall - bmarshall@securityps.com - 913-484-7233 Security Professional Services, Inc. - Kansas City ----- Original Message ----- From: "Murad Talukdar" <talukdar_m@subway.com> To: <> Sent: Thursday, January 13, 2005 9:10 PM Subject: local admin vs group policy and apps... > Hi, > We have two apps (even calling them legacy seems to attribute some > undeserved elegance to them) which must run at admin level to function > properly. I am trying to find out whether the fact that users are allowed > to > be local admins, or even given the runas power to run the app can still be > locked out of control panel etc through GPOs. > > I mean, if I let people runas then they know the admin password so can > rescind any GP settings, can't they? How can I shut that possibility out? > > Yes I have asked for the possibility of then apps being recoded to > function > under power users but the development team are of the starving waif > variety > due to under resourcing...this consideration is not high on the list. > > Kind Regards > Murad Talukdar ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: IIS6 on W2k3 DCs"
- Maybe in reply to: Murad Talukdar: "local admin vs group policy and apps..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
