funsec mailing list archives
Re: Administrator Accounts
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Wed, 22 Feb 2006 13:45:38 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Larry Seltzer wrote: [...]
I would assume that all, or nearly all enterprise Windows users are logging into a domain. This means that their rights are controlled through domain administration, and making the average user an administrator would be an insane thing to do. It also appears to me that UAC is a matter for local accounts, not domain accounts. So Vista, being a client OS, really can't address the problem.
Many users do log in over a domain. However, these "Domain Users" are also members of the "Local Administrators" group. Vista removes this power from applications that don't really need it. Take, for example, the take-home notebooks of a certain Fortune 100. Users of said notebooks currently log in as domain users using cached credentials to authenticate. These users are also members of local administrators group, meaning that they wield incredible destructive power over their own take-home PCs but not much on the domain. - -- "Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38 iD8DBQFD/L9ifp4vUrVETTgRA9YOAKDNIzVETGCrNS+PzMau5kupdT1IcwCglPLT SkShljTUazZszaRFBT8sesM= =c8lw -----END PGP SIGNATURE-----
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- OT Ferrari Enzo crash Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 22)
- Re: OT Ferrari Enzo crash Mike Owen (Feb 22)
- Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Brian Loe (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Matthew Murphy (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Blue Boar (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Blue Boar (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: OT Ferrari Enzo crash Mike Owen (Feb 22)
- Re: Administrator Accounts Nick FitzGerald (Feb 22)
- Re: Administrator Accounts Vicky Røde (Feb 22)
- Re: Administrator Accounts Nick FitzGerald (Feb 22)
- Re: Administrator Accounts Matthew Murphy (Feb 22)
- Re: Administrator Accounts James Kehl (Feb 23)