are users local admins on ALL clients (through some group that is a member of local administrators on al clients) or only on their own client and not on other clients? if the latter is true, then the first thing that comes to mind is that the clients were cloned but the machine SID was not regenerated using SYSPREP and thus all clients have identical machine SIDs. jorge
________________________________ From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Tue 2006-02-14 16:40 To: [email protected] Subject: [ActiveDir] Local admin priviledges Well someone just realized that since all our users are local admins on their PCs that they can map to another users C$ share and see all their data. They asked mgmt if they knew about that, and now of course, they're concerned about it. It's been this way for years, but I digress. SO, what is the general conscensus on giving users full ability to install/remove software at will, but not allowing them to map to other PCs c$ drives? Make everyone Power Users instead? Is there anything that they might lose from going from local admins to power users on their PCs besides this c$ mapping functionality? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>
