-----Original Message-----
From: Bruce K. Marshall [mailto:bkmlstsgohere (at) comcast (dot) net [email concealed]]
Sent: Tuesday, January 18, 2005 6:31 AM
To: Murad Talukdar; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: local admin vs group policy and apps...
Murad,
I would recommend looking at the following tool, called the Elevated
Privileges Application Launcher (epal), from Microsoft:
It should allow you to run your applications as a member of the
Administrators without explicitly granting the end user the same
privileges.
----
Bruce K. Marshall - bmarshall (at) securityps (dot) com [email concealed] - 913-484-7233
Security Professional Services, Inc. - Kansas City
----- Original Message -----
From: "Murad Talukdar" <talukdar_m (at) subway (dot) com [email concealed]>
To: <>
Sent: Thursday, January 13, 2005 9:10 PM
Subject: local admin vs group policy and apps...
> Hi,
> We have two apps (even calling them legacy seems to attribute some
> undeserved elegance to them) which must run at admin level to function
> properly. I am trying to find out whether the fact that users are
allowed
> to
> be local admins, or even given the runas power to run the app can
still be
> locked out of control panel etc through GPOs.
>
> I mean, if I let people runas then they know the admin password so can
> rescind any GP settings, can't they? How can I shut that possibility
out?
>
> Yes I have asked for the possibility of then apps being recoded to
> function
> under power users but the development team are of the starving waif
> variety
> due to under resourcing...this consideration is not high on the list.
>
> Kind Regards
> Murad Talukdar
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=
CF3CC921-9B8E-4266-A905-2E2A20217CE0
Robert Jandacek
Horizon IT Dept.
-----Original Message-----
From: Bruce K. Marshall [mailto:bkmlstsgohere (at) comcast (dot) net [email concealed]]
Sent: Tuesday, January 18, 2005 6:31 AM
To: Murad Talukdar; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: local admin vs group policy and apps...
Murad,
I would recommend looking at the following tool, called the Elevated
Privileges Application Launcher (epal), from Microsoft:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/e
pal.mspx
It should allow you to run your applications as a member of the
Administrators without explicitly granting the end user the same
privileges.
----
Bruce K. Marshall - bmarshall (at) securityps (dot) com [email concealed] - 913-484-7233
Security Professional Services, Inc. - Kansas City
----- Original Message -----
From: "Murad Talukdar" <talukdar_m (at) subway (dot) com [email concealed]>
To: <>
Sent: Thursday, January 13, 2005 9:10 PM
Subject: local admin vs group policy and apps...
> Hi,
> We have two apps (even calling them legacy seems to attribute some
> undeserved elegance to them) which must run at admin level to function
> properly. I am trying to find out whether the fact that users are
allowed
> to
> be local admins, or even given the runas power to run the app can
still be
> locked out of control panel etc through GPOs.
>
> I mean, if I let people runas then they know the admin password so can
> rescind any GP settings, can't they? How can I shut that possibility
out?
>
> Yes I have asked for the possibility of then apps being recoded to
> function
> under power users but the development team are of the starving waif
> variety
> due to under resourcing...this consideration is not high on the list.
>
> Kind Regards
> Murad Talukdar
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]