Re: Permissions (EVERYONE POST TO THIS)

From: asdf0987z@yahoo.com
Date: 01/11/03 

From: asdf0987z@yahoo.com (asdf0987z@yahoo.com)
Date: 11 Jan 2003 14:21:12 -0800

I will place myself on the side of all that is good and right in the
world and say that this is unacceptable practice for any userland
application no matter what it is.

Why? As others have said before me: the obvious potential for
crapping the entire local machine as well as the network is one
reason. But in my opinion, more importantly, an act such as this
shows a grave deviation from the (finally) decent security
implementation that comes standard with Windows 2000.

And this issue really has nothing to do with user "trust" or
education--I don't even like running fulltime as Administrator in a
networked/Domin type situation (yes, I come from a UNIX background).
One simple accident and it's hours at the Arcserve console.

And yes, developers need admin rights on their machines, but unless
you are planning to isolate them like they carry the plague of death
from the rest of your network be prepared to suffer the wrath and add
hours to your schedule.

If you required this as part of your package, I wouldn't even think of
deploying it. It's not up to you to determine the security policy in
my enterprise.

Yes, of course, Autodesk requires near-Admin rights to run AutoCAD and
I do it, but you don't have monopoly power in the field so forget it.
;)

Bill

"Eric M" <eric_magidson@hotmail.com> wrote in message news:<069c01c2b361$19363de0$8ef82ecf@TK2MSFTNGXA04>...
> I am involved with a user group for a market specific
> application and we are currently discussing why not to set
> up users with administrative rights. Can you beleive how
> many people find this an acceptable practice?
>
> I am a Network administrator and would never consider this
> an option. What are your opinions? REPLY AND REPLY
> OFTEN. I feel this is a huge exposure that needs to be
> addressed.
>
> Thank you,
> Eric

Relevant Pages

  • Administrator is not the "Boss" on this machine.
    ... both as a standone and when I'm at my office to network to ... my desktop (running win98se), which only I use. ... the rights, and nothing I can't change, and that seemed to ... ADMINISTRATOR. ...
    (microsoft.public.win2000.security)
  • Re: Least User Priviledges for Network Administrators
    ... While implementing the principle of least privilege is a noble goal I think ... network, disable Windows Updates because they read somewhere it would slow ... users that need administrator access to logon as a regular user and then use ... administrative rights. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Active Directory
    ... It sounds to me like you may have issues with rights delegation. ... assign this new group administrator rights locally. ... Either the local security policy or the assignment of security ... need to deny logon locally and/or deny logon through the network. ...
    (Focus-Microsoft)
  • Re: Userenv Event 1030 Problem - cannot edit GPO
    ... group that did already have "log on from network" rights. ... Logged back in as Administrator and now I can ... Eriq Neale - Small Business Specialist, MCSE, MCSA Messaging, Mac Guru EON Consulting - www.eonconsulting.net ...
    (microsoft.public.windows.server.sbs)
  • Re: I need Job Blobb
    ... > Windows and Network administratation. ... > In a job I would like to administrate servers, ... > Title: ISP Network Administrator ... > o Building, installation, configuration and tuning ...
    (microsoft.public.cert.exam.mcse)