Re: How effective is a router as a firewall?

From: Leythos (void_at_nowhere.com)
Date: 10/25/03


Date: Sat, 25 Oct 2003 19:18:30 GMT

In article <bne6ma$e6v$1@news.shlink.de>, wolfgang@shconnect.de says...
> Duane Arnold wrote:
>
>
> > Using the Admin account is only bad if the machine is compromised, [...]
>
> Wrong. Already the name tells you that. The account is called administrator
> because it is necessary for administrative tasks, and *nothing* else.
>
> Normal use of a computer must never take place using a privileged account.
>
> Wolfgang

In many cases, while not administering the computer, you need to be a
member of the Administrators Group.

When you are doing development work using many tools, you cannot just
be a member of the Domain Users group, even the "Power Users" group doesn't
always have enough rights.

In a domain model, the workstation local admins group often contains the
Domain Users group - this allows users at those workstations to install
software and such. While not an ideal idea, it is done all over the
world.

The idea that you should never run under an Administrators Group
account is very sound, but it's very hard to do in development
environments and in environments for home use where the users have very
little computer savvy. In most cases, even if you show them how to
switch they will just stick with the EASY account.

This is one of the reasons for all the other layers of security.

On my unix machines I almost never run with the root account, but on my
Windows machines I almost always run as a local admin (not necessarily a
domain admin account).

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
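
Added example, not part of the original post: a PowerShell check for the configuration described above, where the workstation's local Administrators group contains Domain Users or another catch-all group. The function name `Find-BroadAdminMember` and the sample member list are constructed for illustration; the SIDs are the standard well-known values.

```powershell
# Well-known SIDs that effectively mean "every user who can log on".
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Find-BroadAdminMember {
    # Hypothetical helper: takes objects with Name and SID properties
    # and returns the ones that grant admin rights to a catch-all group.
    param([Parameter(Mandatory)] [object[]] $Member)

    foreach ($m in $Member) {
        $sid    = [string]$m.SID
        $reason = $null
        if ($BroadSids.ContainsKey($sid)) {
            $reason = $BroadSids[$sid]
        }
        elseif ($sid -match '^S-1-5-21-\d+-\d+-\d+-513$') {
            # RID 513 under any domain SID is that domain's Domain Users group.
            $reason = 'Domain Users'
        }
        if ($reason) {
            [pscustomobject]@{ Name = $m.Name; SID = $sid; Reason = $reason }
        }
    }
}

# Constructed sample membership (names and domain SID are made up).
$sample = @(
    [pscustomobject]@{ Name = 'WS01\Administrator'
                       SID  = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Name = 'EXAMPLE\Domain Admins'
                       SID  = 'S-1-5-21-4444444444-5555555555-6666666666-512' }
    [pscustomobject]@{ Name = 'EXAMPLE\Domain Users'
                       SID  = 'S-1-5-21-4444444444-5555555555-6666666666-513' }
    [pscustomobject]@{ Name = 'NT AUTHORITY\Authenticated Users'
                       SID  = 'S-1-5-11' }
)

# Flags the Domain Users and Authenticated Users entries only.
Find-BroadAdminMember -Member $sample | Format-Table -AutoSize

# On a live workstation (S-1-5-32-544 is BUILTIN\Administrators):
# Find-BroadAdminMember -Member (Get-LocalGroupMember -SID 'S-1-5-32-544')
```

Matching on SID rather than group name keeps the check working on localized or renamed groups.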

