Not giving you a hard time, your point is valid but in our environment a user doing what you describe will get you fired, or expelled if you are a student. At every login all our users agree not to do the kinds of things you describe, and anyone doing so knows very well they are far over the line.
Not that our users are local admins. From: Ken Schaefer [mailto:[email protected]] Sent: Thursday, April 23, 2009 8:18 PM To: NT System Admin Issues Subject: RE: Restricted groups, where have you been.... But in James' case, I can just bring my own copy of cacls.exe (or have a scheduled job to make a copy of the existing one) and unless SeTakeOwnership Privilege is removed from the Administrators group I can then get permissions back to everything that he's just removed. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
