Educause Security Discussion mailing list archives
Re: Local Admin Accounts
From: Guy Pace <gpace () SBCTC EDU>
Date: Wed, 16 Sep 2009 13:14:25 -0700
Dropping everyone to basic user would have been my preference. But, remember this was back in the early dark ages of Win2k and AD. We still had to deal with production applications that were based on Win95 design practices. PowerUser was a compromise that we had to live with for a while. Today, it should not be a problem. Guy L. Pace, CISSP Security Administrator Information Technology Division WA State Board for Community and Technical Colleges (SBCTC) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () sbctc edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn Sent: Wednesday, September 16, 2009 11:38 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Local Admin Accounts
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Guy Pace Sent: Wednesday, September 16, 2009 2:04 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Local Admin Accounts We dropped _all_ users to power users, removed access to local policy and made sure that domain admin group was part of the local admin group.
I'm surprised you saw a lot of benefits just dropping the users to power users rather than all the way to regular users. If I remember correctly, power users can modify the HKEY local system registry RUN entries to persist, add files to the windows directory, add various browser extensions, and a lot of other things most malware tries to do.
Current thread:
- Re: Local Admin Accounts, (continued)
- Re: Local Admin Accounts Gary Flynn (Sep 16)
- Re: Local Admin Accounts Gary Flynn (Sep 16)
- Re: Local Admin Accounts Mark Monroe (Sep 16)
- Re: Local Admin Accounts Strzelec, Wally (Sep 16)
- Re: Local Admin Accounts Steven Alexander (Sep 16)
- Re: Local Admin Accounts Smith, Bob (Sep 16)
- Re: Local Admin Accounts Gary Flynn (Sep 16)
- Re: Local Admin Accounts Manuel Amaral (Sep 16)
- Re: Local Admin Accounts Stanclift, Michael (Sep 16)
- Re: Local Admin Accounts Sweeny, Jonny (Sep 16)
- Re: Local Admin Accounts Guy Pace (Sep 16)
- Re: Local Admin Accounts David Gillett (Sep 16)
- Re: Local Admin Accounts Guy Pace (Sep 16)
- Re: Local Admin Accounts Gary Flynn (Sep 16)
- Re: Local Admin Accounts King, Ronald A. (Sep 16)
- Re: Local Admin Accounts John Hoffoss (Sep 16)
- Re: Local Admin Accounts Strzelec, Wally (Sep 16)
- Re: Local Admin Accounts Stanclift, Michael (Sep 16)
- Re: Local Admin Accounts Eric Case (Sep 17)