Security Basics mailing list archives
Re: Admin Rights required on Terminal Services
From: <sf_mail_sbm () yahoo com>
Date: 22 Mar 2005 11:21:18 -0000
In-Reply-To: <423F47FF.6040304 () ucw com au>
From: Security <security () ucw com au>
With the TS config for a custom writen prog, if you cannot give admin rights to everyone (fair enough), one thing you could do is start security "failure" auditing for everything on the TS box.
Somthing similar was proposed in a previous post, will try to do this (if time permits ;) However does not seem to be a 'clean' and 'professional' way to make this thing work
Or, Why not give admin access to users and use group policy to remove any icons or access paths to any sensitive areas.
This is what we have decided to do in the meantime, give user admin rights, and restrict 'all' his access, at least accesses that he won't need: remove command prompt, control panel, disable right-click, remove access to local disk (will be moving to a thin client environment), all everything else available in the Group Policy
I am very interested in the outcome of this thread. Please continue to post ideas.
Me too! Yeah please post new ideas
Current thread:
- Admin Rights required on Terminal Services sf_mail_sbm (Mar 17)
- RE: Admin Rights required on Terminal Services Burton Strauss (Mar 17)
- <Possible follow-ups>
- RE: Admin Rights required on Terminal Services Conlan Adams (Mar 17)
- RE: Admin Rights required on Terminal Services Andrew Shore (Mar 18)
- Re: Admin Rights required on Terminal Services Security (Mar 21)
- Re: Admin Rights required on Terminal Services sf_mail_sbm (Mar 22)
- Re: Admin Rights required on Terminal Services sf_mail_sbm (Mar 22)