Re: SUS server

[Doug.Janelle () Thermo com]

Not the only way, just the easiest. A better solution is to find the effected
registry keys and/or folders and grant the user the necessary rights to those
areas. Oftentime, its simply a matter of going to HKLM\Software\{vendorname}.
Tools like Sysinternals' RegMon and FIleMon can help fine tune the process. An
eminantly better solution than granting local admin rights, and doesn't take
more than a couple minutes to impliment.

dcj2


> While local Admin rights may violate quite a few security protocols as
> well as administration protocols, it sometimes is the ONLY way to get
> certain things done.  I manage a small group of Engineers that do
> everything from CAD work to ASIC design.  It is in their job
> descriptions to constantly attempt new design changes/fixes/upgrades and
> a lot of the time they are installing new patches/upgrades/versions of
> the tools that they use.  Even with push out from AD, this would still
> slow them down too much.

> Power User level won't work either, as too many of these programs want
> to write to "privileged" places on the file structure.  Yes, they do
> blow stuff up from time to time (which we warn them is THEIR
> responsibility), anything other than local admin simply isn't productive.





---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security 
professionals.  Norwich University is fulfilling this demand with its MS in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------