OT: SUS, Interwise and other applications that require users to belong to the Local Administrator Group
- From: "David V. Dellanno" <ddellanno@xxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Fri, 6 Jun 2003 07:07:44 -0400
Hi everyone,
Sorry for the repeated question but was wondering if anyone has
any suggestion to this issue?
Yesterday I had joined Windows Server 2003 Security Guide
Microsoft webcast and ask about applications such as, Microsoft
application (SUS), the software for the webcast (Interwise), and other
third party software (Ad-aware) that require users to belong to the
Local Administrator Group to obtain full functionality. The mediator
explanation was to due to developing of the software and that
third-party software companies do not implement security design for
their application, but didn't have a work-around for this scenario.
This is interesting, isn't it the idea to lock down as much surface
space for hackers to attack, but when a software for user requires local
admin full control, wouldn't this be a red-flag to raise as a security
hole on the network or system? Doesn't this increase the risk if the
user were to receive a virus or worm? Then what good are the default
Local groups (Power-Users and Users) for at the local system level?
Does this go without saying in a development environment as well, since
most of their environment needs full access and limited security
restrictions to their local system? Does this defeat the purpose of
securing the end-users environment? Any suggestions are greatly
appreciated
Regards,
David V. Dellanno - MCSE, MCP+I, MCP
MSDEMO Consultants
Williams Place
2564 Bridgewood Lane
Snellville, Georgia 30078 USA
(770) 736-8794 (Office)
msdemo.net
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
Other related posts: