|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: local admin vs group policy and apps...
From: Bruce K. Marshall (bkmlstsgohere
comcast.net)
Date: Tue Jan 18 2005 - 07:31:23 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Murad,
I would recommend looking at the following tool, called the Elevated
Privileges Application Launcher (epal), from Microsoft:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/epal.mspx
It should allow you to run your applications as a member of the
Administrators without explicitly granting the end user the same privileges.
----
Bruce K. Marshall - bmarshallsecurityps.com - 913-484-7233
Security Professional Services, Inc. - Kansas City
----- Original Message -----
From: "Murad Talukdar" <talukdar_msubway.com>
To: <>
Sent: Thursday, January 13, 2005 9:10 PM
Subject: local admin vs group policy and apps...
> Hi,
> We have two apps (even calling them legacy seems to attribute some
> undeserved elegance to them) which must run at admin level to function
> properly. I am trying to find out whether the fact that users are allowed
> to
> be local admins, or even given the runas power to run the app can still be
> locked out of control panel etc through GPOs.
>
> I mean, if I let people runas then they know the admin password so can
> rescind any GP settings, can't they? How can I shut that possibility out?
>
> Yes I have asked for the possibility of then apps being recoded to
> function
> under power users but the development team are of the starving waif
> variety
> due to under resourcing...this consideration is not high on the list.
>
> Kind Regards
> Murad Talukdar
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]