are users local admins on ALL clients (through some group that is a member of 
local administrators on al clients) or only on their own client and not on 
other clients?
 
if the latter is true, then the first thing that comes to mind is that the 
clients were cloned but the machine SID was not regenerated using SYSPREP and 
thus all clients have identical machine SIDs.
 
jorge

________________________________

From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ
Sent: Tue 2006-02-14 16:40
To: [email protected]
Subject: [ActiveDir] Local admin priviledges


Well someone just realized that since all our users are local admins on their 
PCs that they can map to another users C$ share and see all their data.  They 
asked mgmt if they knew about that, and now of course, they're concerned about 
it.  It's been this way for years, but I digress.
 
SO, what is the general conscensus on giving users full ability to 
install/remove software at will, but not allowing them to map to other PCs c$ 
drives?  Make everyone Power Users instead?  Is there anything that they might 
lose from going from local admins to power users on their PCs besides this c$ 
mapping functionality?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        


This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.

<<winmail.dat>>

Reply via email to