funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Administrator Accounts

From: "Brian Loe" <knobdy () gmail com>
Date: Wed, 22 Feb 2006 13:39:39 -0600
On 2/22/06, Larry Seltzer <larry () larryseltzer com> wrote:


I would assume that all, or nearly all enterprise Windows users are logging
into a domain. This means that their rights are controlled through domain
administration, and making the average user an administrator would be an
insane thing to do.

It also appears to me that UAC is a matter for local accounts, not domain
accounts. So Vista, being a client OS, really can't address the problem.

Larry Seltzer


Not sure I'm following you. The administrator that he is referring to
would have to be LOCAL ADMINISTRATOR (local group) and has nothing to
do with domain accounts. It is not required, for ANY application I
have studied, that the user be a local admin - however it is commonly
seen as such due to lazy desktop admins. If MS is proposing a better
way to handle local accounts - and it will prompt desktop admins to
stop giving users local admin rights - it will be a godsend.

However, again, this has absolutely nothing to do with domain accounts...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: