Re: Security Templates
From: Asheesh Laroia (pan-news@asheeshenterprises.com)
Date: 05/11/02
- Next message: RQ: "Standalone CA and IIS"
- Previous message: RQ: "Re: Certificates Services Problem"
- In reply to: Kyle B.: "Security Templates"
- Next in thread: kbfromvt@lycos.com: "Re: Security Templates"
- Reply: kbfromvt@lycos.com: "Re: Security Templates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Asheesh Laroia <pan-news@asheeshenterprises.com> Date: Fri, 10 May 2002 22:08:02 GMT
Of course they can install anything. If they can run DebPloit
(http://www.anticracking.sk/EliCZ/bugs/DebPloit.zip), they can get local
SYSTEM access through a simple, 40-kilobyte program.
MS has known about this for months, and hasn't fixed it. Maybe they
consider it a bug rather than a feature. For more info, just check out
my response to "Temporary User Rights" in this newsgroup.
-- Asheesh.
On Fri, 10 May 2002 11:30:36 -0400, Kyle B. wrote:
> Hello. I am trying to change the Power Users group so that they can NOT
> install ANYTHING. I need to have my users as Power Users so that they
> can run Legacy Applications but I don't want them to have the ability to
> install apps. I have been poking around the Console Root and checking
> out the security templates, especially the "setup security" templates.
> However I cant seem to find any policy regarding program installs.
>
> Other than taking away the ability for Power Users to install I want
> everything else to remain unchanged.
>
> Thanks in advance,
> -Kyle B.
- Next message: RQ: "Standalone CA and IIS"
- Previous message: RQ: "Re: Certificates Services Problem"
- In reply to: Kyle B.: "Security Templates"
- Next in thread: kbfromvt@lycos.com: "Re: Security Templates"
- Reply: kbfromvt@lycos.com: "Re: Security Templates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
