What's wrong with that L:)
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ed Esgro Sent: Friday, March 22, 2002 1:18 PM To: NT 2000 Discussions Subject: RE: Administrative rights That sounds like a plug :) -----Original Message----- From: Rocky Stefano [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 12:01 PM To: NT 2000 Discussions Subject: RE: Administrative rights For those of you looking at managing, packaging, or rolling out applications to your end user base. Look no further then www.softricity.com The software is amazing. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alexander Kha Do Sent: Friday, March 22, 2002 12:02 PM To: NT 2000 Discussions Subject: RE: Administrative rights There still CAN be a big difference in opening up the security on the registry and actually giving local administrative rights. If you folks use group memberships on the local machine - I.E. "DOMAIN\staff users" group is a member of local administrators, then basically any validated logged in workstation can be used to manage, disrupt, and view data on anyone else's machine in the company via Remote Administration / Computer Management. This may or may not be a problem, but if you have wily users or even if some virus is created that attempts to use WMI to spread itself, you're screwed. We've been going back and forth on this whole issue, because we can't make it an IT dept policy to install and support EVERY mail-in weirdo piece of software that some person may use to retrieve statistacal data or bank and tax software ... you're talking about designating the time of an IT staffer to support some software that 2 people use and have to reinstall every month or something. I've been leaning towards everyone being Power Users, with restrictive GP's enabled for these reasons. There's always some exceptional legacy software requires local admin rights to run, and perhaps we have to take this software on a case-by-case basis. ... thoughts ... -Alex -----Original Message----- From: Ron Jameson [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 8:42 AM To: NT 2000 Discussions Subject: RE: Administrative rights We here (in-house and with clients) are battling the same problem. We encounter many of programs that want an admin to install (ok, the RUNAS works) but an admin to use the damn thing!!! These programmers are nuts if they think we are going to give admin rights to everyone. I end up using regmon to find out what the program is using in the registry and give full rights to that part of it (at least for server based programs). Local based issues I am still trying to find a way to cure it as you are. Power users group does not always work. Grrr. Ron Jameson James Hamlin Consulting. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wes Owen Sent: Friday, March 22, 2002 10:20 AM To: NT 2000 Discussions Subject: RE: Administrative rights Ok here is a specific. 3/22/02 Create-A-Check requires full permissions to the following registry keys be granted to the user in order for it to work: H_KEY_LOCAL_MACHINE -SOFTWARE -Borland -CAC -Create-A-Check, Inc. Microsoft Windows and/or Windows NT (NT/2000) (make sure rights are granted for all noted subdirectories) Current Version - Setup Install Extra User also needs full control to the c:\Program Files\Common Files\Borland Shared\ and the subdirectories. User also needs to be granted full control to the network directory where Create-A-Check is installed, and all of the subdirectories. So if we open up the Setup key to everyone that pretty much kills much of the reason for removing the admin rights. I am curious how many more apps we are going to run into the behave like this. We have only tested around 75 of 600 applications to be tested. -----Original Message----- From: Ed Esgro [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 10:15 AM To: NT 2000 Discussions Subject: RE: Administrative rights When you say the applications need admin rights to run. I think you may want to be more specific about that. Admin rights include a lot of user rights. For example; Act as part of operating system. Add workstations to domain. Force shutdown from remote system. So Admin rights are just way too powerful. You should try to find out what the application needs to function properly. Admin rights, is like saying you need an airplane to get from Florida to NY, but you could really accomplish that by taking a bus or driving a car or walking. As far as installing applications, I would not empower anyone with this right. Just causes tons of problems down the road. Before you know it, you have Bonzi Buddy on all of your damn workstations. -----Original Message----- From: Wes Owen [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 10:46 AM To: NT 2000 Discussions Subject: Administrative rights How many out there do not allow administrative rights on the client systems? We are attempting to put all users into the Power Users group and I am sure you can imagine the stir it is creating. There are applications that require admin rights not only to install, but also to run. One of the manufacturers fix was to grant full rights to the Setup key, kinda defeats the purpose don't you think? If you do not put users in the administrative groups do you make exceptions for support and development staff? Do you use administrative accounts and only give support persons rights on admin accounts or do you give their user account all the rights? This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are NOT the intended recipient or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
