On 2005-01-14 Murad Talukdar wrote:
We have two apps (even calling them legacy seems to attribute some
undeserved elegance to them) which must run at admin level to function
properly.
Have you used Regmon/Filemon to verify the application definitely needs
that much privileges?
I am trying to find out whether the fact that users are allowed to be
local admins, or even given the runas power to run the app can still
be locked out of control panel etc through GPOs.
I mean, if I let people runas then they know the admin password so can
rescind any GP settings, can't they? How can I shut that possibility
out?
SUperior SU [1] may be what you're looking for. I haven't used it myself
yet, but maybe it's an option to you. However, be careful with this. The
applications will run with administrative privileges and so will any
dialogs popped up by them (e.g. users will be able to launch apps as
admin users through the common "file open" dialog).
Yes I have asked for the possibility of then apps being recoded to
function under power users but the development team are of the
starving waif variety due to under resourcing...this consideration is
not high on the list.
Power users are no less dangerous than administrators. Go for normal
users if you can, otherwise don't bother.
[1] http://www.stefan-kuhr.de/supsu/main.php3
Regards
Ansgar wiechers
--
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
---------------------------------------------------------------------------
---------------------------------------------------------------------------
