Curious, how do you do that via GPO? A custom ADM?
 
 
 
Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Tuesday, February 14, 2006 11:13 AM
To: [email protected]
Subject: RE: [ActiveDir] Local admin privileges

Ahh yes, we do have all users in one global group, and that global group is auto-added to every local administrators group on each PC through GPO.  I guess that explains that.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi
Sent: Tuesday, February 14, 2006 9:48 AM
To: [email protected]
Subject: RE: [ActiveDir] Local admin privileges

Being a local admin on a PC does not give them the ability to see another machine's C$ share. This would occur if you added a group (local admins) to the administrators group on all PCs and then added users to that group instead of doing it on a user by user basis. That said, I would look for any and all ways of NOT giving users local admin rights on their computers, although I know in some instances, usually due to poor coding, it can't be avoided.
Tim


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Tuesday, February 14, 2006 9:40 AM
To: [email protected]
Subject: [ActiveDir] Local admin privileges

Well, someone just realized that since all our users are local admins on their PCs that they can map to another user's C$ share and see all their data. They asked mgmt if they knew about that, and now of course, they're concerned about it. It's been this way for years, but I digress.

SO, what is the general consensus on giving users full ability to install/remove software at will, but not allowing them to map to other PCs' C$ drives? Make everyone Power Users instead? Is there anything that they might lose from going from local admins to power users on their PCs besides this C$ mapping functionality?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
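An audit for the condition Tim describes in the thread above, a single domain group sitting in the local Administrators group of many PCs. This is an added example, not part of the original messages; the domain `CORP`, the group names, the allowlist and the function name `Find-SharedLocalAdminGroup` are assumptions, and the membership records are constructed sample data.

```powershell
# Added example: flag domain groups that grant local admin on more than one PC.
# To collect real records, run this on each PC and merge the results:
#   Get-LocalGroupMember -SID 'S-1-5-32-544' |
#     Select-Object @{n='Computer';e={$env:COMPUTERNAME}}, Name, ObjectClass, PrincipalSource

function Find-SharedLocalAdminGroup {
    param(
        [Parameter(Mandatory)] [object[]] $Membership,
        # Groups expected in local Administrators everywhere (assumed allowlist)
        [string[]] $Allow = @('CORP\Domain Admins')
    )
    $Membership |
        # Only domain groups matter here: local accounts are per-machine.
        Where-Object { $_.ObjectClass -eq 'Group' -and
                       $_.PrincipalSource -eq 'ActiveDirectory' -and
                       $_.Name -notin $Allow } |
        Group-Object -Property Name |
        # A group found on 2+ machines makes each member admin on all of them,
        # which is what opens every other PC's C$ share to them.
        Where-Object { @($_.Group.Computer | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Group     = $_.Name
                Computers = @($_.Group.Computer | Sort-Object -Unique)
            }
        }
}

# CONSTRUCTED sample data: three PCs, one of them set up user-by-user.
$sample = @(
    [pscustomobject]@{Computer='PC01'; Name='PC01\Administrator'; ObjectClass='User';  PrincipalSource='Local'}
    [pscustomobject]@{Computer='PC01'; Name='CORP\Domain Admins'; ObjectClass='Group'; PrincipalSource='ActiveDirectory'}
    [pscustomobject]@{Computer='PC01'; Name='CORP\All Staff';     ObjectClass='Group'; PrincipalSource='ActiveDirectory'}
    [pscustomobject]@{Computer='PC02'; Name='PC02\Administrator'; ObjectClass='User';  PrincipalSource='Local'}
    [pscustomobject]@{Computer='PC02'; Name='CORP\Domain Admins'; ObjectClass='Group'; PrincipalSource='ActiveDirectory'}
    [pscustomobject]@{Computer='PC02'; Name='CORP\All Staff';     ObjectClass='Group'; PrincipalSource='ActiveDirectory'}
    [pscustomobject]@{Computer='PC03'; Name='CORP\Domain Admins'; ObjectClass='Group'; PrincipalSource='ActiveDirectory'}
    [pscustomobject]@{Computer='PC03'; Name='CORP\jdoe';          ObjectClass='User';  PrincipalSource='ActiveDirectory'}
)

Find-SharedLocalAdminGroup -Membership $sample | Format-Table -AutoSize
```

With the sample data only `CORP\All Staff` is reported, for PC01 and PC02; PC03, where a single user was added directly, does not create the cross-machine access.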