funsec mailing list archives

Administrator Accounts


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 22 Feb 2006 14:25:19 -0500

I just got off a press call with Microsoft about the "Enterprise CTP"
release of Windows Vista, basically a new beta (they don't want to use the
word beta) oriented at enterprises.

One of the things that Brad Something, Lord High Product Manager for Windows
Vista said was that 80% of Windows enterprise users run as administrator. He
said this as a way of pitching the new User Account Control (UAC) feature
(http://www.microsoft.com/technet/windowsvista/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d9.mspx)
which is certainly a cool and useful feature. I'm sure
I didn't misunderstand him.

I would assume that all, or nearly all enterprise Windows users are logging
into a domain. This means that their rights are controlled through domain
administration, and making the average user an administrator would be an
insane thing to do. 

It also appears to me that UAC is a matter for local accounts, not domain
accounts. So Vista, being a client OS, really can't address the problem.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

