HomeCalendarFAQSearchMemberlistUsergroupsRegisterLog in

Share | 

 Running Windows Under Non-Admin Accounts

Go down 

Posts : 263
Join date : 2010-03-04

PostSubject: Running Windows Under Non-Admin Accounts   Wed Mar 24, 2010 3:06 pm

Everyone knows that one of the most important principles of network security is least privilege: grant ordinary users only those rights and permissions they need to get their work done and no more. For example, if ordinary users don’t need access to sensitive data stored in the Accounting share, don’t give them any permissions on that share, either through shared folder permissions on the share itself or NTFS permissions on the folder underlying the share.
Least privilege is more than a security principle, it’s also a lifesaver as far as the day-to-day job of administrators is concerned. Reason is, users are curious creatures and tend to push the envelope of what company policies allow and forbid them to do. Give a user local administrator privileges on their computer and they’re likely to try all sorts of things like installing additional software, changing configuration settings, and even poking around the registry to see if they can “tune” their machine to make it run better. From an administrator’s point of view however, this can be disastrous since the wrong tweak might break some application or even render their machine unusable. The user then cries for help and as an administrator you pretty much have two choices: wipe their machine and re-image it from your standard desktop image or spend useless hours trying to troubleshoot their problem. The second choice is usually a waste of time unless, contrary to company policy, the user has been saving important files on their machine instead of on the network. And the first choice is almost like spitting in the wind—you re-image the user’s machine and he just goes and fools around with it again.

Group Policy is one way of locking down what a user can and cannot do on their computers and using their credentials. But what if company policies (or culture or politics or on the job realities) mean that your users need to have the ability to install their own software and configure settings on their machines? If this is the case, you have two choices: give your users local admin privileges, or don’t. Since the first option causes the troubles I’ve described above, let’s explore the feasibility of the second option.
Back to top Go down
View user profile http://windowsmode.darkbb.com
Running Windows Under Non-Admin Accounts
Back to top 
Page 1 of 1
 Similar topics
» Selenium RC with Google Chrome on Windows server 2008
» Exception in thread "main" java.net.BindException: Selenium is already running on port 4444. Or some other service is.
» not running selenium in windows 2008 R2 Enterprise
» Running Selenium on a Locked Machine as a Scheduled Task
» Has Anyone Gotten Chrome Driver to Work with Windows 7?

Permissions in this forum:You cannot reply to topics in this forum
windows mode :: Windows XP OS :: Windows XP Tutorials-
Jump to: