Re: Threat vector of running a service using a domain account
- From: "Kurt Buff" <kurt.buff@xxxxxxxxx>
- Date: Wed, 12 Sep 2007 13:01:29 -0700
Are the users admins on their own machines? If so, a login script to
add permissions for another group (LocalServiceAccounts, perhaps?)
would work.
Otherwise, a policy to add the AD group to the local Administrators
group would probably work well.
On 9/12/07, Ali, Saqib <docbook.xml@xxxxxxxxx> wrote:
I can't reveal the name of the application, but it is 3rd party non-MS
application.
The reasons it puts itself in the Domain Admin group is that it needs
administrative access to the client computers. And Domain Admin group
is part of the Local Administrator group on all client computers it
works out nicely.
saqib
http://security-basics.blogspot.com/
- References:
- Threat vector of running a service using a domain account
- From: Ali, Saqib
- RE: Threat vector of running a service using a domain account
- From: Jesse Eaton
- Re: Threat vector of running a service using a domain account
- From: Ali, Saqib
- Threat vector of running a service using a domain account
- Prev by Date: RE: Advice regarding servers and Wiping Drives after testing
- Next by Date: FW: Why isn't full disk encryption from manufactures a slam dunk?
- Previous by thread: RE: Threat vector of running a service using a domain account
- Next by thread: Re: Threat vector of running a service using a domain account
- Index(es):
Relevant Pages
|
