|
Also, picking up on an earlier discussion,
if the local admin password is the same on all workstations, users could easily
gain access to C$ -- nme From: Phillip
Partipilo [mailto:[EMAIL PROTECTED] Curious, how do you do that via GPO?
a custom ADM? Phillip Partipilo Parametric Solutions Inc. Jupiter, (561) 747-6107 From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Ahh yes, we do have all users in one
global group, and that global group is auto-added to every local administrators
group on each PC through GPO. I guess that explains that. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Being a local admin on a PC does not give
them the ability to see another machine's C$ share. This would occur if
you added a group (local admins) to the administrators group on all PCs
and then added users to that group instead of doing it on a user by user basis.
That said, I would look for any and all ways of NOT giving users local admin
rights on their computers, although I know in some instances, usually due to
poor coding, it can't be avoided. Tim From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Well someone just realized that since all our users are
local admins on their PCs that they can map to another users C$ share and see
all their data. They asked mgmt if they knew about that, and now of
course, they're concerned about it. It's been this way for years, but I
digress. SO, what is the general conscensus on giving users full
ability to install/remove software at will, but not allowing them to map to
other PCs c$ drives? Make everyone Power Users instead? Is there
anything that they might lose from going from local admins to power users on
their PCs besides this c$ mapping functionality?
-- -- |
- RE: [ActiveDir] Local admin priviledges Noah Eiger
- RE: [ActiveDir] Local admin priviledges Rimmerman, Russ
- RE: [ActiveDir] Local admin priviledges Rimmerman, Russ
- RE: [ActiveDir] Local admin priviledges King, William
