Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Admin Rights required on Terminal Services

from [Burton Strauss] Network Security [Permanent Link]
Subject: RE: Admin Rights required on Terminal Services
Date: Thu, 17 Mar 2005 11:10:52 -0600 
The right answer, of course, is to fix the application.  No normal user
application should need admin.

Baring that, "Local Admin" is a bunch of rights - 98% of which your
application does not need.  It's painful, but you could work through the
app, figuring out one at a time what rights they really need (create files
in this directory. Read that file, etc.).  Then build an account/group with
just those necessary rights.  Once you have the account/group, you can

* Add the necessary (and only the necessary) users to the group

Or 

* Use RUNAS, giving out only the password to the special userid, not the
admin password.

-----Burton 

-----Original Message-----
From: sf_mail_sbm@yahoo.com [mailto:sf_mail_sbm@yahoo.com] 
Sent: Thursday, March 17, 2005 9:46 AM
To: security-basics@securityfocus.com
Subject: Admin Rights required on Terminal Services



Dear List,

We have an application that needs local admin rights to run

This is a legacy application, and cannot be run as a service

We are planning to run the application on a Terminal Services server (Win
2K3)

Clients cannot run the application thru TS, since they do not have local
admin rights

One option is to put the users as local admins, and restrict the menus to
which they have access through Group Policy

Is there any other way to make users run the application without givin them
local admin rights?

Tried to look at "runas", but user will need to enter the administrator
password

Thank u all for ur help

Ronish
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  GIAC Dilution, Andy Cuff [Talisker]
Next by Date:  Re: logging users off AD through vbscript, Micheal Espinola Jr
Previous by Thread:  Admin Rights required on Terminal Services, sf_mail_sbm
Next by Thread:  RE: Admin Rights required on Terminal Services, Conlan Adams
Indexes:  [Date] [Thread] [Top] [All Lists]