Re: Tighten Security
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 02/21/03
- Next message: papasmurf: "good firewall for win2k pro"
- Previous message: Karl Levinson [x y] mvp: "Re: Network Hacking"
- In reply to: Onion: "Tighten Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Thu, 20 Feb 2003 21:27:48 -0500
Can't reliably be done. Any administrator can undo just about any
restriction you can set up. If you don't trust the person, you take them
out of the local Administrators group, period.
Once you do that, on Windows 2000 you generally next use gpedit.msc or the
Group Policy and other security related MMC snap-ins to lock down what they
can do in the Windows GUI. Since these people will probably have local
login ability, you should also consider doing these things:
http://securityadmin.info/faq.htm#harden
"Onion" <michaelcebula@northwesternmutual.com.nospam> wrote in message
news:044601c2d8ac$13a9e0f0$a601280a@phx.gbl...
> I have a project to tighten security and access on our
> Windows 2000 Servers. My team only supports the OS and
> various other teams support the apps that run on the
> servers. As we all know, not all app's(especially server
> app's) can run with only Local User Access. I need to
> figure out a why (if possible) to disallow/deny a subset
> of the Local Administrators Group to peform the following
> tasks: modify NTFS permissions, create shares, manage
> local groups, ability to reset local admin password, etc.
> I am making use of GPO's for various things. Took care
> of permissions on standard services by using subinacl to
> deny the App groups access.
>
> Any thoughts!!!
- Next message: papasmurf: "good firewall for win2k pro"
- Previous message: Karl Levinson [x y] mvp: "Re: Network Hacking"
- In reply to: Onion: "Tighten Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
