Re: Admin Rights required on Terminal Services

[<sf_mail_sbm () yahoo com>]

In-Reply-To: <423F47FF.6040304 () ucw com au>


> From: Security <security () ucw com au>

> With the TS config for a custom writen prog, if you cannot give admin 
> rights to everyone (fair enough), one thing you could do is start 
> security "failure" auditing for everything on the TS box.

Somthing similar was proposed in a previous post, will try to do this (if time permits ;)

However does not seem to be a 'clean' and 'professional' way to make this thing work

> Or,
> Why not give admin access to users and use group policy to remove any 
> icons or access paths to any sensitive areas.

This is what we have decided to do in the meantime, give user admin rights, and restrict 'all' his access, at least 
accesses that he won't need: remove command prompt, control panel, disable right-click, remove access to local disk 
(will be moving to a thin client environment), all everything else available in the Group Policy

> I am very interested in the outcome of this thread. Please continue to 
> post ideas.

Me too! Yeah please post new ideas