Re: Permissions (EVERYONE POST TO THIS)
From: eric M (eric_magidson@hotmail.com)
Date: 01/07/03
- Next message: Paul Swanson: "Re: Logon Time Limits"
- Previous message: Eric M: "Re: Permissions (EVERYONE POST TO THIS)"
- In reply to: Paul A. Mancuso: "Re: Permissions (EVERYONE POST TO THIS)"
- Next in thread: Jeff Cochran: "Re: Permissions (EVERYONE POST TO THIS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "eric M" <eric_magidson@hotmail.com> Date: Mon, 6 Jan 2003 16:34:34 -0800
Paul - Thank you for your opinions.
>-----Original Message-----
>Support several networks, and the only headaches are the
systems that allow
>Administrator access. Totally disagree. In NT 4.0
workstations I could see
>something to your argument, but in Win2k, there is no
excuse for allowing
>everyone Admin rights to their desktop for competant
administrators.
>
>Paul A. Mancuso
>
>"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote
in message
>news:OsQGkX3sCHA.1628@TK2MSFTNGP10...
>>
>> "Eric M" <eric_magidson@hotmail.com> wrote in message
>> news:069c01c2b361$19363de0$8ef82ecf@TK2MSFTNGXA04...
>> > I am involved with a user group for a market specific
>> > application and we are currently discussing why not
to set
>> > up users with administrative rights. Can you beleive
how
>> > many people find this an acceptable practice?
>> >
>> > I am a Network administrator and would never consider
this
>> > an option. What are your opinions? REPLY AND REPLY
>> > OFTEN. I feel this is a huge exposure that needs to be
>> > addressed.
>>
>> I disagree. This should be an option. You are right
that no software
>> should force you to log in as administrator or system
to run it. [This
>> include services like IIS, which are pretty difficult
to get to run unless
>> they start as System, so that hackers running remote
buffer overflow
>> exploits gain system-equivalent privileges. It would
be great if this
>would
>> change.]
>>
>> But for workstations, revoking Administrator privileges
is a big headache,
>> especially for home users... and if your intention is
to prevent worms and
>> trojans and viruses from running, logging in as a non-
administrator just
>> isn't going to be very effective in that regard. For
me, the benefits
>> usually aren't worth the headache, unless you work in a
very secure
>> environment. To me there are way many more security
issues that go
>> unaddressed that should be addressed first, such as
insecure default
>> installs, Microsoft scripting technologies like VB and
WSH being forced on
>> your PC by Windows and IE and MS Office with no way to
disable them,
>> widespread lack of antivirus and firewall, etc.
>>
>> In other words, IMHO logging in as administrator should
be a choice for
>the
>> user and administrator, but not a requirement from the
software vendor.
>> Logging in as a non-administrator is really only a
viable option today for
>> expert home users and companies that are prepared to
make an extra
>> commitment of time and effort to fix the problems that
doing this causes.
>>
>>
>>
>>
>
>
>.
>
- Next message: Paul Swanson: "Re: Logon Time Limits"
- Previous message: Eric M: "Re: Permissions (EVERYONE POST TO THIS)"
- In reply to: Paul A. Mancuso: "Re: Permissions (EVERYONE POST TO THIS)"
- Next in thread: Jeff Cochran: "Re: Permissions (EVERYONE POST TO THIS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
