RE: [ActiveDir] Local admin priviledges

[Olivarez, Sergio J Mr ANOSC/FCBS]

Here are a couple articles that compare rights. http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_default_settings.mspx http://uis.georgetown.edu/software/documentation/win2000/win2000.account.group.permissions.html     Thanks... ... ... ... Sergio J. Olivarez - Contractor GD-NS From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 14, 2006 8:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Local admin priviledges   Well someone just realized that since all our users are local admins on their PCs that they can map to another users C$ share and see all their data.  They asked mgmt if they knew about that, and now of course, they're concerned about it.  It's been this way for years, but I digress.   SO, what is the general conscensus on giving users full ability to install/remove software at will, but not allowing them to map to other PCs c$ drives?  Make everyone Power Users instead?  Is there anything that they might lose from going from local admins to power users on their PCs besides this c$ mapping functionality? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~