Re: Permissions (EVERYONE POST TO THIS)
From: Paul A. Mancuso (pm@intenseschool.com)
Date: 01/04/03
- Next message: Peter: "local and domain 'administrator' account"
- Previous message: rj: "Windows installer?? idont know"
- In reply to: Karl Levinson [x y] mvp: "Re: Permissions (EVERYONE POST TO THIS)"
- Next in thread: Benoit Boudeville: "Re: Permissions (EVERYONE POST TO THIS)"
- Reply: Benoit Boudeville: "Re: Permissions (EVERYONE POST TO THIS)"
- Reply: eric M: "Re: Permissions (EVERYONE POST TO THIS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Paul A. Mancuso" <pm@intenseschool.com> Date: Sat, 4 Jan 2003 01:01:10 -0500
Support several networks, and the only headaches are the systems that allow
Administrator access. Totally disagree. In NT 4.0 workstations I could see
something to your argument, but in Win2k, there is no excuse for allowing
everyone Admin rights to their desktop for competant administrators.
Paul A. Mancuso
"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:OsQGkX3sCHA.1628@TK2MSFTNGP10...
>
> "Eric M" <eric_magidson@hotmail.com> wrote in message
> news:069c01c2b361$19363de0$8ef82ecf@TK2MSFTNGXA04...
> > I am involved with a user group for a market specific
> > application and we are currently discussing why not to set
> > up users with administrative rights. Can you beleive how
> > many people find this an acceptable practice?
> >
> > I am a Network administrator and would never consider this
> > an option. What are your opinions? REPLY AND REPLY
> > OFTEN. I feel this is a huge exposure that needs to be
> > addressed.
>
> I disagree. This should be an option. You are right that no software
> should force you to log in as administrator or system to run it. [This
> include services like IIS, which are pretty difficult to get to run unless
> they start as System, so that hackers running remote buffer overflow
> exploits gain system-equivalent privileges. It would be great if this
would
> change.]
>
> But for workstations, revoking Administrator privileges is a big headache,
> especially for home users... and if your intention is to prevent worms and
> trojans and viruses from running, logging in as a non-administrator just
> isn't going to be very effective in that regard. For me, the benefits
> usually aren't worth the headache, unless you work in a very secure
> environment. To me there are way many more security issues that go
> unaddressed that should be addressed first, such as insecure default
> installs, Microsoft scripting technologies like VB and WSH being forced on
> your PC by Windows and IE and MS Office with no way to disable them,
> widespread lack of antivirus and firewall, etc.
>
> In other words, IMHO logging in as administrator should be a choice for
the
> user and administrator, but not a requirement from the software vendor.
> Logging in as a non-administrator is really only a viable option today for
> expert home users and companies that are prepared to make an extra
> commitment of time and effort to fix the problems that doing this causes.
>
>
>
>
- Next message: Peter: "local and domain 'administrator' account"
- Previous message: rj: "Windows installer?? idont know"
- In reply to: Karl Levinson [x y] mvp: "Re: Permissions (EVERYONE POST TO THIS)"
- Next in thread: Benoit Boudeville: "Re: Permissions (EVERYONE POST TO THIS)"
- Reply: Benoit Boudeville: "Re: Permissions (EVERYONE POST TO THIS)"
- Reply: eric M: "Re: Permissions (EVERYONE POST TO THIS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
