funsec mailing list archives

Re: Administrator Accounts


From: Matthew Murphy <mattmurphy () kc rr com>
Date: Wed, 22 Feb 2006 13:45:38 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Larry Seltzer wrote:
[...]
> I would assume that all, or nearly all enterprise Windows users are logging
> into a domain. This means that their rights are controlled through domain
> administration, and making the average user an administrator would be an
> insane thing to do.
>
> It also appears to me that UAC is a matter for local accounts, not domain
> accounts. So Vista, being a client OS, really can't address the problem.

Many users do log in over a domain.  However, these "Domain Users" are
also members of the "Local Administrators" group.  Vista removes this
power from applications that don't really need it.

Take, for example, the take-home notebooks of a certain Fortune 100.
Users of said notebooks currently log in as domain users using cached
credentials to authenticate.  These users are also members of the local
administrators group, meaning that they wield incredible destructive
power over their own take-home PCs but not much on the domain.

- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38

iD8DBQFD/L9ifp4vUrVETTgRA9YOAKDNIzVETGCrNS+PzMau5kupdT1IcwCglPLT
SkShljTUazZszaRFBT8sesM=
=c8lw
-----END PGP SIGNATURE-----
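
An audit for the configuration this message describes, domain accounts holding membership in the local Administrators group, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or later for `Get-LocalGroupMember`; the function name `Get-LocalAdminFinding` is hypothetical and the sample members (EXAMPLE domain, SIDs) are constructed.

```powershell
# Added example. Requires Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts).
function Get-LocalAdminFinding {
    param(
        # Defaults to the live BUILTIN\Administrators group, looked up by its well-known SID.
        [object[]]$Member = (Get-LocalGroupMember -SID 'S-1-5-32-544')
    )
    # Well-known SIDs that include every logged-on user.
    $broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-4' = 'INTERACTIVE' }

    foreach ($m in $Member) {
        $sid = [string]$m.SID
        # PrincipalSource separates domain principals from local ones; the local
        # machine also issues S-1-5-21-... SIDs, so the SID prefix alone is not enough.
        $fromDomain = "$($m.PrincipalSource)" -eq 'ActiveDirectory'
        $finding =
            if ($broad.ContainsKey($sid)) {
                "broad group ($($broad[$sid])): every user is a local admin"
            } elseif ($fromDomain -and $sid -match '^S-1-5-21-(\d+-){3}513$') {
                'Domain Users (RID 513): every domain account is a local admin'
            } elseif ($fromDomain -and $sid -match '^S-1-5-21-(\d+-){3}512$') {
                $null   # Domain Admins (RID 512) is the default on a domain-joined machine
            } elseif ($fromDomain -and "$($m.ObjectClass)" -eq 'User') {
                'domain user added directly to local Administrators'
            } elseif ($fromDomain) {
                'domain group: review its membership'
            }
        if ($finding) {
            [pscustomobject]@{ Name = $m.Name; SID = $sid; Finding = $finding }
        }
    }
}

# Constructed sample members (not real accounts) so the logic can be run offline.
$dom = 'S-1-5-21-1004336348-1177238915-682003330'
$sample = @(
    [pscustomobject]@{ Name = 'NB01\Administrator';   SID = 'S-1-5-21-111-222-333-500'; PrincipalSource = 'Local';           ObjectClass = 'User'  }
    [pscustomobject]@{ Name = 'EXAMPLE\Domain Admins'; SID = "$dom-512";                 PrincipalSource = 'ActiveDirectory'; ObjectClass = 'Group' }
    [pscustomobject]@{ Name = 'EXAMPLE\Domain Users';  SID = "$dom-513";                 PrincipalSource = 'ActiveDirectory'; ObjectClass = 'Group' }
    [pscustomobject]@{ Name = 'EXAMPLE\jdoe';          SID = "$dom-1104";                PrincipalSource = 'ActiveDirectory'; ObjectClass = 'User'  }
)
Get-LocalAdminFinding -Member $sample | Format-Table -AutoSize
```

Calling `Get-LocalAdminFinding` with no arguments on a domain-joined machine checks the live group instead of the sample.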
