Re: Removing Local Admin Rights...

From: Simon Taplin (simont_at_pop.co.za)
Date: 05/29/04

  • Next message: Byron Copeland: "Re: DNS and SMTP"
    Date: Sat, 29 May 2004 17:35:31 +0200
    To: Murad Talukdar <talukdar_m@subway.com>
    
    

    Have a look at the Active Directory Migration Tool. It migrates the PC
    to the new domain, migrates the user's local profile. The tool also
    moves the Domain user into the same Local group that it was in the
    workgroup settings (Power Users's, Administrators, etc)

    Simon

    Murad Talukdar wrote:

    > I'm pushing to get this on our network too--one question though is that as
    > we were originally setup as a workgroup (and this is changing to being part
    > of ad domain when we upgrade to 2003)--how do I keep users profiles and
    > 'migrate' them so that they keep the desktop settings that they have?
    > I want to be able to add them to the domain and remove admin rights all at
    > the same time but I know how much whinging there will be if people lose
    > their settings etc or have to recreate.
    > Any hints would be great.
    > Murad Talukdar
    >
    >
    > ----- Original Message -----
    > From: "Jay Lopez" <jlopez_si86@hotmail.com>
    > To: <security-basics@lists.securityfocus.com>
    > Sent: Tuesday, May 25, 2004 11:48 PM
    > Subject: Removing Local Admin Rights...
    >
    >
    > I currently work for an organization with approximately 25,000 Windows
    > XP/2000 desktops in an Active Directory (AD) environment. Security from an
    > OS and individual application component (i.e., Outlook 2003, MS Office, IE,
    > etc.) perspective is being managed via group policy objects (GPO's).
    >
    > Currently, we are pushing to remove local administrator access rights to
    > individual machines to prevent users from randomly installing unapproved
    > applications, prevent malware from being silently installed within the local
    > administrator context, etc. Prior to our move to AD and GPO's, we received
    > push-back on removing local admin rights for reasons such as the logon
    > scripts would not work, etc.
    >
    > By chance, have any of you implemented any of the above--especially the
    > removal of local administrator rights? If so, what support issues did you
    > experience? What impact did removing local admin rights have?
    >
    > I'd like to provide as many pros and cons back to our team based on your
    > feedback.
    >
    > Thanks in advance,
    >
    > Jay Lopez
    >
    > _________________________________________________________________
    > FREE pop-up blocking with the new MSN Toolbar - get it now!
    > http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
    >
    >
    > ---------------------------------------------------------------------------
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    > any course! All of our class sizes are guaranteed to be 10 students or less
    > to facilitate one-on-one interaction with one of our expert instructors.
    > Attend a course taught by an expert instructor with years of in-the-field
    > pen testing experience in our state of the art hacking lab. Master the
    > skills
    > of an Ethical Hacker to better assess the security of your organization.
    > Visit us at:
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > ----------------------------------------------------------------------------
    >
    >
    >
    >
    >
    > ---------------------------------------------------------------------------
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    > any course! All of our class sizes are guaranteed to be 10 students or less
    > to facilitate one-on-one interaction with one of our expert instructors.
    > Attend a course taught by an expert instructor with years of in-the-field
    > pen testing experience in our state of the art hacking lab. Master the skills
    > of an Ethical Hacker to better assess the security of your organization.
    > Visit us at:
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > ----------------------------------------------------------------------------
    >
    >

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Byron Copeland: "Re: DNS and SMTP"

    Relevant Pages

    • RE: Odd Pen-test: Security Camera
      ... >> Ethical Hacking at the InfoSec Institute. ... >> pen testing experience in our state of the art hacking lab. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Pen-Test)
    • Re: exposure to bootable Linux distros
      ... If you like PHLAK, you'll love Knoppix-STD (Security ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Conducting vulnerability assessment for the first time
      ... >Ethical Hacking at the InfoSec Institute. ... >to facilitate one-on-one interaction with one of our expert instructors. ... >pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: password protect encrypted directory
      ... I would like to password protect this directory so even the user who ... >Ethical Hacking at the InfoSec Institute. ... >pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: restore Administrator password
      ... >> Ethical Hacking at the InfoSec Institute. ... >> Attend a course taught by an expert instructor with years of ... >> pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)