Re: Admin Rights required on Terminal Services

• Previous message: Vladamir: "Re: Is Dynamic WEP Secure Enough?"
• Maybe in reply to: sf_mail_sbm_at_yahoo.com: "Admin Rights required on Terminal Services"
• Next in thread: sf_mail_sbm_at_yahoo.com: "Re: Admin Rights required on Terminal Services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 22 Mar 2005 11:21:18 -0000
To: security-basics@securityfocus.com

>From: Security <security@ucw.com.au>
>

>With the TS config for a custom writen prog, if you cannot give admin
>rights to everyone (fair enough), one thing you could do is start
>security "failure" auditing for everything on the TS box.

Somthing similar was proposed in a previous post, will try to do this (if time permits ;)

However does not seem to be a 'clean' and 'professional' way to make this thing work

>Or,
>Why not give admin access to users and use group policy to remove any
>icons or access paths to any sensitive areas.

This is what we have decided to do in the meantime, give user admin rights, and restrict 'all' his access, at least accesses that he won't need: remove command prompt, control panel, disable right-click, remove access to local disk (will be moving to a thin client environment), all everything else available in the Group Policy

>I am very interested in the outcome of this thread. Please continue to
>post ideas.

Me too! Yeah please post new ideas

• Previous message: Vladamir: "Re: Is Dynamic WEP Secure Enough?"
• Maybe in reply to: sf_mail_sbm_at_yahoo.com: "Admin Rights required on Terminal Services"
• Next in thread: sf_mail_sbm_at_yahoo.com: "Re: Admin Rights required on Terminal Services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Granting client local admin access via GPO to logged on user o ... we use round 150 different applications on windows 2000 and no user needs administrator rights to run them. ... What is the problem with them having admin access to "any machine", ... (microsoft.public.windows.server.active_directory) Re: error when trying to get a remote security policy... Please help!!! ... I have full admin rights on the directories. ... Is this a domain machine? ... >> to get the security policy from, infact I have network admin access. ... (microsoft.public.win2000.security) Re: Granting client local admin access via GPO to logged on user o ... "Meinolf Weber" wrote: ... key's where they need more rights. ... How often have they to install printers? ... What is the problem with them having admin access to "any machine", ... (microsoft.public.windows.server.active_directory) Re: vb.net and Vista-daily use ... You can set it to always open with admin access. ... I'm assuming you have installed both VS2005/SP-1 and the SP-1 Vista Patch ... an account with local admin rights, or should I use ordinary user rights ... and enable one the Visual Studio app to run with administrator rights? ... (microsoft.public.dotnet.languages.vb) Security holes in ForamiX ... ('binary' encoding is not supported, ... Admin access ... More details in french: ... translated by google: ... (Vuln-Dev)