Re: Local Administrators

["Brian K. Doré" <bkd () LOUISIANA EDU>]

You have software that runs for Administrators but not as Power Users?    XP or Vista?  *

If security is a concern,  you  probably want your users to run as plain USERS.  Not Power Users.   Power Users can 
become administrators without too much trouble.

If the software runs as an Administrator, but not as a regular user then take the time to find out what 
files/folders/registry keys the programs need access to and set access appropriately for users.   You can do this by 
setting deny access auditing on the file system and registry, or using tools like filemon and regmon to determine what 
is needed.   Once you figure them out, use Group Policy to apply the settings to the appropriate computers.

* In VISTA the  POWER USERS group doesn't have the same permissions that it had in XP.   Also, in Vista, registry 
virtualization can allow some poorly written software to run without giving users higher access.

Brian

---

Brian Doré
University of Louisiana at Lafayette









From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel 
Bennett
Sent: Thursday, March 27, 2008 9:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Local Administrators

Currently we allow our students to be local administrators on lab computers.  The reason is that some software needs 
admin-level access to run.  How do you all handle software like that.  I would like to get our students to the 
power-user level.

Thanks,

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989