Re: Removing Local Admin Rights...

From: Tom Stowell (jts_at_deforest.k12.wi.us)
Date: 05/25/04

  • Next message: Jason Jaszewski: "Captive Portal" 
    Date: Tue, 25 May 2004 14:42:23 -0500
To: <jlopez_si86@hotmail.com>, <security-basics@lists.securityfocus.com>

    We're a bit smaller -- 1,000 desktops running Win2k. We instituted a
    policy like yours about two years ago. We run into problems with
    USB devices, and need to install but other than that our experience
    has been positive. Since we instituted the policy, support requests
    are down about 35%.

    Tom Stowell
    Network Administrator
    DeForest Area School District
    520 E. Holum St.
    DeForest, WI 53532
    Fax: (608)-842-6545
    Voice: (608)-842-6500
    Email: <jts@deforest.k12.wi.us>

    console, n. [From latin consolatio(n) "comfort, spiritual solace."] A device for displaying or printing condolances or obituaries for the operator.
                -- Stan Kelly-Bootle, The Computer Contradictionary.

    >>> "Jay Lopez" <jlopez_si86@hotmail.com> 05/25/04 08:48AM >>>
    I currently work for an organization with approximately 25,000 Windows
    XP/2000 desktops in an Active Directory (AD) environment. Security from an
    OS and individual application component (i.e., Outlook 2003, MS Office, IE,
    etc.) perspective is being managed via group policy objects (GPO's).

    Currently, we are pushing to remove local administrator access rights to
    individual machines to prevent users from randomly installing unapproved
    applications, prevent malware from being silently installed within the local
    administrator context, etc. Prior to our move to AD and GPO's, we received
    push-back on removing local admin rights for reasons such as the logon
    scripts would not work, etc.

    By chance, have any of you implemented any of the above--especially the
    removal of local administrator rights? If so, what support issues did you
    experience? What impact did removing local admin rights have?

    I'd like to provide as many pros and cons back to our team based on your
    feedback.

    Thanks in advance,

    Jay Lopez

    _________________________________________________________________
    FREE pop-up blocking with the new MSN Toolbar – get it now!
    http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Jason Jaszewski: "Captive Portal"

    Relevant Pages

    • Re: Removing Local Admin Rights...
      ... I want to be able to add them to the domain and remove admin rights all at ... Subject: Removing Local Admin Rights... ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • RE: USB and smart drives
      ... Part of the issue is policy but the other half is having the technology to ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Removing Local Admin Rights...
      ... None of our users have admin rights. ... Subject: Removing Local Admin Rights... ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: Removing Local Admin Rights...
      ... Since we instituted the policy, ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: proxy
      ... It sounds like the company has a policy against employees ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)