Re: Minimum security

From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 02/17/04


Date: Tue, 17 Feb 2004 01:37:55 GMT

I have not used roaming profiles, but generally users have full control or at
least modify to their profile.

As far as all users being local administrators, that is not a good idea unless
you have a real reason to do such and if you have to do that I think you are
better off making individual users administrators on just their computers since
the way you have it right now any domain user can log onto any domain machine
and be an administrator. Usually users are made administrators because they
cannot run applications as a regular user. Administrators however can create local
accounts and then disjoin computers from the domain or log on as a local
administrator to avoid Group Policy. They can also install software and
otherwise reconfigure the computer. Power users have a lot less power than an
administrator which would be preferable if users cannot do their work as a
regular user. If the problem is running applications, there may be solutions that
involve reconfiguring NTFS/registry permissions to allow the application to work
for regular users. Software publishers may be able to help or you may try to
track down permission problems yourself. -- Steve

"Aaron Neunz" <apn@rrbiznet.com> wrote in message
news:ecaY4mM9DHA.2404@TK2MSFTNGP11.phx.gbl...
> I have the domain users group set as local administrators on all of my win
> 2000 pro workstations. Are there any ramifications to this? Should I add
> domain users to the power users group locally instead?
>
> Also I am implementing roaming profiles and would like to have the tightest
> security possible (ACL on the roaming profile share as well as local
> computer security user/group configuration) without generating any security
> related errors upon user logon.
>
> Basically authenticated users have full access to the roaming profile share
> and like I said domain users are local administrators. The roaming profiles
> I am using right now are working fine. Just looking for some best practices
> I guess.
>
> Any KB articles or suggestions would be great,
> Aaron
>
>
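
Added example (not part of either poster's message): a short Python audit for the configuration discussed in this thread, where Domain Users sits in the local Administrators group of every workstation. It parses saved text output of `net localgroup Administrators` collected per machine; the host names, the EXAMPLE domain, the sample output and the list of "broad" group names are constructed assumptions, and English-language command output is assumed.

```python
import re

# Assumed list: principals that effectively mean "anyone who can log on".
# Compared case-insensitively against the name after any DOMAIN\ prefix.
BROAD_PRINCIPALS = {"domain users", "authenticated users", "everyone",
                    "users", "interactive"}

def parse_members(net_output):
    """Return the member names from `net localgroup <group>` text output."""
    members, in_list = [], False
    for line in net_output.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{5,}", line):      # dashed rule precedes the members
            in_list = True
            continue
        if not in_list or not line:
            continue
        if line.lower().startswith("the command completed"):
            break                             # trailer line, English output assumed
        members.append(line)
    return members

def broad_admins(net_output):
    """Members whose name, with the domain prefix stripped, is a broad group."""
    return [m for m in parse_members(net_output)
            if m.rsplit("\\", 1)[-1].lower() in BROAD_PRINCIPALS]

def audit(outputs_by_host):
    """Map host -> broad principals in local Administrators (clean hosts omitted)."""
    findings = {}
    for host, text in outputs_by_host.items():
        hits = broad_admins(text)
        if hits:
            findings[host] = hits
    return findings

# Constructed sample: WS01 mirrors the setup in the question, WS02 has only
# one named user as administrator of that single machine.
HEADER = "Alias name     Administrators\nComment\n\nMembers\n\n" + "-" * 79 + "\n"
FOOTER = "The command completed successfully.\n"
SAMPLE = {
    "WS01": HEADER + "Administrator\nEXAMPLE\\Domain Admins\nEXAMPLE\\Domain Users\n" + FOOTER,
    "WS02": HEADER + "Administrator\nEXAMPLE\\Domain Admins\nEXAMPLE\\jsmith\n" + FOOTER,
}

if __name__ == "__main__":
    for host, hits in sorted(audit(SAMPLE).items()):
        print(host, "->", ", ".join(hits))
```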


