Security Basics mailing list archives
RE: Admin Rights required on Terminal Services
From: "Burton Strauss" <BStrauss3 () comcast net>
Date: Thu, 17 Mar 2005 11:10:52 -0600
The right answer, of course, is to fix the application. No normal user application should need admin. Baring that, "Local Admin" is a bunch of rights - 98% of which your application does not need. It's painful, but you could work through the app, figuring out one at a time what rights they really need (create files in this directory. Read that file, etc.). Then build an account/group with just those necessary rights. Once you have the account/group, you can * Add the necessary (and only the necessary) users to the group Or * Use RUNAS, giving out only the password to the special userid, not the admin password. -----Burton -----Original Message----- From: sf_mail_sbm () yahoo com [mailto:sf_mail_sbm () yahoo com] Sent: Thursday, March 17, 2005 9:46 AM To: security-basics () securityfocus com Subject: Admin Rights required on Terminal Services Dear List, We have an application that needs local admin rights to run This is a legacy application, and cannot be run as a service We are planning to run the application on a Terminal Services server (Win 2K3) Clients cannot run the application thru TS, since they do not have local admin rights One option is to put the users as local admins, and restrict the menus to which they have access through Group Policy Is there any other way to make users run the application without givin them local admin rights? Tried to look at "runas", but user will need to enter the administrator password Thank u all for ur help Ronish
Current thread:
- Admin Rights required on Terminal Services sf_mail_sbm (Mar 17)
- RE: Admin Rights required on Terminal Services Burton Strauss (Mar 17)
- <Possible follow-ups>
- RE: Admin Rights required on Terminal Services Conlan Adams (Mar 17)
- RE: Admin Rights required on Terminal Services Andrew Shore (Mar 18)
- Re: Admin Rights required on Terminal Services Security (Mar 21)
- Re: Admin Rights required on Terminal Services sf_mail_sbm (Mar 22)
- Re: Admin Rights required on Terminal Services sf_mail_sbm (Mar 22)