Educause Security Discussion mailing list archives
Re: Peeling off desktop Administrator Rights
From: "Tupker, Mike" <mtupker () MTMERCY EDU>
Date: Fri, 4 Dec 2009 10:03:25 -0600
This is very intriguing. I imagine that this would also limit active installs in IE the way a standard user would be limited. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Hanson Sent: Friday, December 04, 2009 8:43 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Peeling off desktop Administrator Rights Todd, This article explains how to drop user rights from applications. I have been testing it and it works well. We are on Windows XP here. I created a reg file from the instructions and we are going to roll this out to our faculty and staff to drop browser user rights to help slowdown browser malware infections. You should be able to use this to drop the rights of any application. It is not fool proof and there are some issues that the lack of Admin user causes. It is however, one more layer of defense in the never ending battle. http://dougzuck.com/decrease-malware-infections-using-software-restriction-policies Mike Hanson Network Security Manager The College of St. Scholastica Duluth, MN 55811 (218)-723-7097 mhanson () css edu
"Plesco, Todd" <tplesco () CHAPMAN EDU> 12/3/2009 5:27 PM >>>
Does anyone know of a product/application (rather than the orthodox and typical Active Directory method) which removes Microsoft "Administrator" group rights from users to be replaced with "User" or "Power User" group rights without impacting existing applications which were installed with Administrator privilege? One of our desktop managers is looking for the "easy" application based method to do this without bringing in a full Active Directory GPO & OU development project. The end result being sought is that further applications may not be installed by users but existing applications will still function. Todd A. Plesco CISM, CBCP Chapman University, Director of Information Security One University Drive, Orange, CA 92866 Phone: (714) 744-7979/Fax: (714) 744-7041
Current thread:
- Peeling off desktop Administrator Rights Plesco, Todd (Dec 03)
- <Possible follow-ups>
- Re: Peeling off desktop Administrator Rights Mike Hanson (Dec 04)
- Re: Peeling off desktop Administrator Rights Stanclift, Michael (Dec 04)
- Re: Peeling off desktop Administrator Rights Tupker, Mike (Dec 04)
- Re: Peeling off desktop Administrator Rights Stanclift, Michael (Dec 04)
- Re: Peeling off desktop Administrator Rights Eric Case (Dec 04)
- Re: Peeling off desktop Administrator Rights Plesco, Todd (Dec 04)
- Re: Peeling off desktop Administrator Rights Stanclift, Michael (Dec 05)
- Re: Peeling off desktop Administrator Rights Stanclift, Michael (Dec 07)
- Re: Peeling off desktop Administrator Rights Kevin Shalla (Dec 07)
- Re: Peeling off desktop Administrator Rights randy marchany (Dec 07)
- Re: Peeling off desktop Administrator Rights Gary Dobbins (Dec 07)
- Re: Peeling off desktop Administrator Rights Dave Kovarik (Dec 07)
- Re: Peeling off desktop Administrator Rights Plesco, Todd (Dec 07)
(Thread continues...)