Security Basics mailing list archives
Re: Admin Rights required on Terminal Services
From: Security <security () ucw com au>
Date: Tue, 22 Mar 2005 09:17:35 +1100
Hi Guys, I'm am a security noob so take this with a grain of salt...With the TS config for a custom writen prog, if you cannot give admin rights to everyone (fair enough), one thing you could do is start security "failure" auditing for everything on the TS box.
When the program is run, if it cannot access a certain item, and the program crashs/closes, there will be a failure audit in the event log. You can then use group policy to give access to that specific area, eg "increase privilege" to a group that was created to control access for this program.
Or,Why not give admin access to users and use group policy to remove any icons or access paths to any sensitive areas.
I am very interested in the outcome of this thread. Please continue to post ideas.
Cheers Todd Cummings. Andrew Shore wrote:
Have you tried running the NTCOMPAT security policy rather than giving users elevated right. Admin privilege on a terminal server is asking for trouble.Andy-----Original Message-----From: sf_mail_sbm () yahoo com [mailto:sf_mail_sbm () yahoo com] Sent: 17 March 2005 15:46To: security-basics () securityfocus com Subject: Admin Rights required on Terminal Services Dear List, We have an application that needs local admin rights to run This is a legacy application, and cannot be run as a service We are planning to run the application on a Terminal Services server (Win 2K3) Clients cannot run the application thru TS, since they do not have local admin rights One option is to put the users as local admins, and restrict the menus to which they have access through Group Policy Is there any other way to make users run the application without givin them local admin rights? Tried to look at "runas", but user will need to enter the administrator password Thank u all for ur help Ronish
Current thread:
- Admin Rights required on Terminal Services sf_mail_sbm (Mar 17)
- RE: Admin Rights required on Terminal Services Burton Strauss (Mar 17)
- <Possible follow-ups>
- RE: Admin Rights required on Terminal Services Conlan Adams (Mar 17)
- RE: Admin Rights required on Terminal Services Andrew Shore (Mar 18)
- Re: Admin Rights required on Terminal Services Security (Mar 21)
- Re: Admin Rights required on Terminal Services sf_mail_sbm (Mar 22)
- Re: Admin Rights required on Terminal Services sf_mail_sbm (Mar 22)