Re: Removing Local Admin Rights...
From: Simon Taplin (simont_at_pop.co.za)
Date: 05/29/04
- Previous message: Ayers, Diane: "RE: Cisco CSA"
- In reply to: Craig, Jason: "RE: Removing Local Admin Rights..."
- Next in thread: Robinson, Sonja: "RE: Removing Local Admin Rights..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 29 May 2004 17:37:25 +0200 To: "Craig, Jason" <jcraig@ucdavis.edu>
Most of the Adobe products don't run properly unless the User is part of
the Power User Groups or higher for whatever reason. I remember that
InDesign 1.5 needed to install Japanese fonts if the user was part of
the Users group.
Simon
Craig, Jason wrote:
> Jay,
>
> None of our users have admin rights. Most apps will run fine. We've run
> into quirks with label printer software, and the usual problems with Adobe
> apps but we've been able to make things run without any problems. Most
> things are well documented, and if they're not regmon and filemon are your
> friends. We've been running this way for 3+ years and it has made our
> lives
> much easier.
>
> -j
> -----Original Message-----
> From: KEN MORRIS [mailto:KMORRIS@kpl.org] Sent: Tuesday, May 25, 2004
> 12:42 PM
> To: Jay Lopez; security-basics@lists.securityfocus.com
> Subject: RE: Removing Local Admin Rights...
>
> Jay,
> First thing I would do would be to check to see if there is any non-M$
> programs installed that are needed in the organization. IF there are,
> thoroughly test those programs under both O/S before removing local admin
> rights. Some software will run only under local admin user accounts. I
> have tried
> here and found that in certain programs there is no work around other than
> local admin to allow users to run the software. Even setting them as power
> users does not work.
> Regards,
> Ken
>
> -----Original Message-----
> From: Jay Lopez [mailto:jlopez_si86@hotmail.com]
> Sent: Tuesday, May 25, 2004 9:48 AM
> To: security-basics@lists.securityfocus.com
> Subject: Removing Local Admin Rights...
>
> I currently work for an organization with approximately 25,000 Windows
> XP/2000 desktops in an Active Directory (AD) environment. Security from an
> OS and individual application component (i.e., Outlook 2003, MS Office, IE,
> etc.) perspective is being managed via group policy objects (GPO's).
>
> Currently, we are pushing to remove local administrator access rights to
> individual machines to prevent users from randomly installing unapproved
> applications, prevent malware from being silently installed within the
> local
> administrator context, etc. Prior to our move to AD and GPO's, we received
> push-back on removing local admin rights for reasons such as the logon
> scripts would not work, etc.
>
> By chance, have any of you implemented any of the above--especially the
> removal of local administrator rights? If so, what support issues did you
> experience? What impact did removing local admin rights have?
>
> I'd like to provide as many pros and cons back to our team based on your
> feedback.
>
> Thanks in advance,
>
> Jay Lopez
>
> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar - get it now!
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
>
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
>
>
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills of an Ethical Hacker to better assess the security of your
> organization. Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off any course! All of our class sizes are guaranteed to be 10 students
> or less to facilitate one-on-one interaction with one of our expert
> instructors. Attend a course taught by an expert instructor with years
> of in-the-field pen testing experience in our state of the art hacking
> lab. Master the skills of an Ethical Hacker to better assess the
> security of your organization. Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.550 / Virus Database: 342 - Release Date: 2003/12/09
>
>
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
- Previous message: Ayers, Diane: "RE: Cisco CSA"
- In reply to: Craig, Jason: "RE: Removing Local Admin Rights..."
- Next in thread: Robinson, Sonja: "RE: Removing Local Admin Rights..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
