Security Basics mailing list archives
Re: SUS server
From: Doug.Janelle () Thermo com
Date: Fri, 8 Apr 2005 15:37:46 -0400
Not the only way, just the easiest. A better solution is to find the effected registry keys and/or folders and grant the user the necessary rights to those areas. Oftentime, its simply a matter of going to HKLM\Software\{vendorname}. Tools like Sysinternals' RegMon and FIleMon can help fine tune the process. An eminantly better solution than granting local admin rights, and doesn't take more than a couple minutes to impliment. dcj2
While local Admin rights may violate quite a few security protocols as well as administration protocols, it sometimes is the ONLY way to get certain things done. I manage a small group of Engineers that do everything from CAD work to ASIC design. It is in their job descriptions to constantly attempt new design changes/fixes/upgrades and a lot of the time they are installing new patches/upgrades/versions of the tools that they use. Even with push out from AD, this would still slow them down too much.
Power User level won't work either, as too many of these programs want to write to "privileged" places on the file structure. Yes, they do blow stuff up from time to time (which we warn them is THEIR responsibility), anything other than local admin simply isn't productive.
--------------------------------------------------------------------------- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ----------------------------------------------------------------------------
Current thread:
- RE: SUS server, (continued)
- RE: SUS server hartmann (Apr 08)
- RE: SUS server Douglas Schlachta (Sr. Infrastructure Securty Analyst) (Apr 08)
- RE: SUS server Douglas Schlachta (Sr. Infrastructure Securty Analyst) (Apr 08)
- RE: SUS server hartmann (Apr 08)
- Re: SUS server Raoul Armfield (Apr 08)
- RE: SUS server hartmann (Apr 11)
- Re: SUS server Raoul Armfield (Apr 12)
- RE: SUS server hartmann (Apr 13)