RE: OT: SUS, Interwise and other applications that require users to belong to the Local Administrator Group
- From: "Joe Pochedley" <JoePochedley@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 6 Jun 2003 08:42:59 -0400
David,
I would definitely agree that programs that require the user to be Local
Admin on a machine to run are poorly designed programs. Therefore, if
you are running a network and need to lock down the workstations, you
should stay away from these programs...
SUS can be set to run and install updates, through GPOs, without the
locally logged on user having Admin provides
Joe Pochedley
If you have time to do it twice,
you had time to do it right in
the first place.
-----Original Message-----
From: David V. Dellanno [mailto:ddellanno@xxxxxxxxxx]
Sent: Friday, June 06, 2003 7:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] OT: SUS, Interwise and other applications that
require users to belong to the Local Administrator Group
http://www.ISAserver.org
Hi everyone,
Sorry for the repeated question but was wondering if anyone has
any suggestion to this issue?
Yesterday I had joined Windows Server 2003 Security Guide
Microsoft webcast and ask about applications such as, Microsoft
application (SUS), the software for the webcast (Interwise), and other
third party software (Ad-aware) that require users to belong to the
Local Administrator Group to obtain full functionality. The mediator
explanation was to due to developing of the software and that
third-party software companies do not implement security design for
their application, but didn't have a work-around for this scenario.
This is interesting, isn't it the idea to lock down as much surface
space for hackers to attack, but when a software for user requires local
admin full control, wouldn't this be a red-flag to raise as a security
hole on the network or system? Doesn't this increase the risk if the
user were to receive a virus or worm? Then what good are the default
Local groups (Power-Users and Users) for at the local system level?
Does this go without saying in a development environment as well, since
most of their environment needs full access and limited security
restrictions to their local system? Does this defeat the purpose of
securing the end-users environment? Any suggestions are greatly
appreciated
Regards,
David V. Dellanno - MCSE, MCP+I, MCP
MSDEMO Consultants
Williams Place
2564 Bridgewood Lane
Snellville, Georgia 30078 USA
(770) 736-8794 (Office)
msdemo.net
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
