Security Basics mailing list archives

Re: Removing Local Admin Rights...

From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 27 May 2004 13:41:44 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KEN MORRIS wrote:
| Jay,
| First thing I would do would be to check to see if there is any non-M$
| programs installed that are needed in the organization. IF there are,
| thoroughly test those programs under both O/S before removing local admin
| rights.
| Some software will run only under local admin user accounts. I have tried
| here and found that in certain programs there is no work around other than
| local admin to allow users to run the software. Even setting them as power
| users does not work.
| Regards,
| Ken

Ken,
Generally the local admin rights requirements on machines with 3rd party
software is fixable by just changing permissions on files and
keys/values in the registry, I can't think of a single instance where
this wouldn't work and I've yet to find a program I couldn't setup for
an ordinary user to run.

I find the best thing to do is run filemon and regmon on the suspect
program and check what its accessing and then give the user permission
to these keys (don't give write where only read is needed though). Quite
often you will find that the software vendors are willing to give you
the info on these keys and values themselves to save you the trouble of
researching it.

If you need more help on this let me know.


- --
Barrie Dempster

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

<spam type="places I think you should go">
Do something good http://www.lp2p.org
Open Source Vulnerability Database http://www.osvdb.org
</spam>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAteIHsYtTQpYCX9ARAtVHAJ0QFpnY7R2QT5ZxWEUQUq+WHE6jNgCfc1SQ
JUryNnnAmIQ+l5XD91tktU4=
=6Rd1
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 offany course! All of our class sizes are guaranteed to be 10 students or lessto facilitate one-on-one interaction with one of our expert instructors.Attend a course taught by an expert instructor with years of in-the-fieldpen testing experience in our state of the art hacking lab. Master the skillsof an Ethical Hacker to better assess the security of your organization.Visit us at:http://www.infosecinstitute.com/courses/ethical_hacking_training.html

----------------------------------------------------------------------------

Current thread:

Removing Local Admin Rights... Jay Lopez (May 25)
- Re: Removing Local Admin Rights... Murad Talukdar (May 28)
  - Re: Removing Local Admin Rights... Simon Taplin (May 31)
- <Possible follow-ups>
- RE: Removing Local Admin Rights... KEN MORRIS (May 26)
  - Re: Removing Local Admin Rights... Barrie Dempster (May 27)
- Re: Removing Local Admin Rights... Tom Stowell (May 26)
  - Re: Removing Local Admin Rights... Brian Dunbar (May 27)
- RE: Removing Local Admin Rights... Craig, Jason (May 27)
  - Re: Removing Local Admin Rights... Simon Taplin (May 31)
- RE: Removing Local Admin Rights... Robinson, Sonja (May 27)
  - DNS and SMTP kaps lock (May 28)
    - Re: DNS and SMTP Byron Copeland (May 31)
    - Re: DNS and SMTP Chris Moody (May 31)
    - Re: DNS and SMTP Russell J. Wood (May 31)
- RE: Removing Local Admin Rights... Daszczyszak, Roman L. SPC (1AD 501 MI BN ACE IMO) (May 29)