RE: RunAs

From: k levinson (levinson_k_at_yahoo.com)
Date: 06/14/05

Next message: nobody_at_nobody.com: "Re: Kerberos & NTLM Auth in IIS6"

Previous message: k levinson: "RE: RunAs"
Maybe in reply to: martin: "RunAs"
Next in thread: Salvador.Manaois_at_infineon.com: "RE: RunAs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 14 Jun 2005 08:53:07 -0700 (PDT)
To: focus-ms@securityfocus.com

> -----Original Message-----
> From: gremagehan@web.de [mailto:gremagehan@web.de]

> and use this scanner. But only an user with an
admin-rights
> can use this
> scanner.

Usually this is just because of a few missing file or
registry permissions and can be fixed without the need
to grant Admin privileges. Filemon and Regmon from
www.sysinternals.com or other utilities can help you
determine what needs to change.

> I thought that I can create a kind of "weakAdmin"
which can
> only use this
> scanner (and can't install some software, remove
users .... )
> Every user can
> then use scanner (as "weakAdmin") and the
(power-)full Admin
> will be reserved
> only for me. Or do you think it can be solved with
an usergroup?

The latter. You cannot reliably create a weak Admin
account and give the user the password. My previous
suggestion about the RunAs icon, while not 100%
secure, is still a possibility.

HTH

kind regards,

Karl Levinson, CISSP

__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: nobody_at_nobody.com: "Re: Kerberos & NTLM Auth in IIS6"

Previous message: k levinson: "RE: RunAs"
Maybe in reply to: martin: "RunAs"
Next in thread: Salvador.Manaois_at_infineon.com: "RE: RunAs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners
... either security is a part of everyones job or it is not. ... > might not get anything from running a scanner. ... the best practice of removing unnecessary ... > However, in a lot of environments, there isn't a dedicated security admin - ...
(Full-Disclosure)
FW: 543.rar attachment
... I take it your not the email admin for your location? ... "Systems Admin" to see the logs of the bogus attachments. ... >> Do You Yahoo!? ... Mail has the best spam protection around ...
(Security-Basics)
Re: Scanner&Burner
... All the required software shows up and is in the user mode start menu, ... The scanner is plugged in. ... attemped to to see if it would work in admin mode. ... "John McGaw" wrote: ...
(microsoft.public.security)
Re: RunAs
... I have a w2k-box with scanner. ... To give an admin password at all users is also not really god idea. ... > something like that my suggestion is that you make specific consoles ... That feature only enables you to run an application ...
(Focus-Microsoft)
Re: Scanner&Burner
... Un-installed and re-installed under admin. ... > and they offer no updated drivers. ... > suppoert is a user forum and in that all I got was " Use the scanner in Admin ... >> available version of the burner software? ...
(microsoft.public.security)