On 12 Jun 2006 at 11:57, Gary VanderMolen wrote:
> Vista's default user account (the one created during the install)
> is a member of the administrator group, but is not THE
> administrator.
That's the way XP/Home works. Bad idea, IMO.
> .. The real administrator account is difficult to get to.
Same as for XP/Home.
> Furthermore, the default account runs at a security privilege level
> of an ordinary user, so when anything 'administrative' needs to
> be done, a prompt pops up requesting consent for temporary elevation
> to administrator level.
I dont' understand this part: are you saying that the *ONLY* additional
security that Vista provides [in its normal setup] is to require the user
to click on "OK" in a dialogue??? That's not a lot better than having no
security at all. And a meta question: how is that implemented? I guess
by some serious changes in the ACL/policy setups so that instead of
allowing the "Administrators" *group* [which is the case now], it'll only
include the "Administrator" account... Better than now, but still not as
good as it should/could be.
> .. If you are running from a non-privileged
> user account, a different prompt will come up, requesting login
> with the administrator password.
YAY!! Exactly right. Now if only they made *THAT* be the default user
acct things would be a lot better...
Thanks for the info!!
Do you know if there are any additional tools to provide auditing and
security setup? [so that, for example, if you're trying to run some app
and it keeps claiming you need admin privileges to run it, you can:
1) figure out *why* and then that would allow you to
2) adjust the appropriate ACL/policy to allow your user to do what
needs doing [assuming you want to allow it, of course..:o)]
/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
mailto:[EMAIL PROTECTED] Pearisburg, VA
--> Too many people, too few sheep <--
--
----------------------------------------
To Change your email Address for this list, send the following message:
CHANGE WIN-HOME your_old_address your_new_address
to: [EMAIL PROTECTED]
Note carefully that both old and new addresses are required.
