Educause Security Discussion mailing list archives

Re: Local Admin Rights

From: Matt Kirchhoff <mek () PDX EDU>
Date: Tue, 15 Mar 2005 08:45:15 -0800

Quoth Michelle Mueller on 3/15/2005 7:24 AM:

We do this same thing.  By default, no one has local Admin rights.  The
only ones who are given Admin rights are the ones who are running
programs that will not work without them,


I'll add that I've been very successful in getting "Admin required"
software to run at the User level. Tools such as SysInternal's  RegMon
and FileMon are helpful in isolating the ACLs and Registry keys that
require modification to function with reduced privileges.

As a sidenote, Aaron Margosis has an excellent blog about running under
Windows with non-Admin privileges:

http://blogs.msdn.com/aaron_margosis/


I'm still fighting this battle, quite unsuccessfully. As Gary Flynn
noted, the biggest part of the war is political.

--
Matt Kirchhoff
Information Technology Consultant
User Support Services
Office of Information Technologies
Portland State University
mek () pdx edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Local Admin Rights Brian Fetcie (Mar 15)
- <Possible follow-ups>
- Re: Local Admin Rights Jacobson, James (Mar 15)
- Re: Local Admin Rights Michelle Mueller (Mar 15)
- Re: Local Admin Rights Gary Flynn (Mar 15)
- Re: Local Admin Rights Matt Kirchhoff (Mar 15)
- Re: Local Admin Rights Brian Fetcie (Mar 15)
- Re: Local Admin Rights Jeff Giacobbe (Mar 15)
- Re: Local Admin Rights Krulewitch, Sean (Mar 28)