Local admins?

Do most people here have their users set *not* to be local administrators on their PC's? We have 250 users here all as local admins and we'd like to move them away from that. BeyondTrust has a privilege Manager which lets you very granularly set permissions for the items you wan

Re: Local admins?

istrators on their PC's? We have 250 users here all as local admins and > we'd like to move them away from that. BeyondTrust has a privilege Manager > which lets you very granularly set permissions for the items you want to > allow higher access for, I'm wondering of most f

Re: Local admins?

from senior management. Indeed it was almost a mandate. > > > On Wed, Aug 27, 2008 at 10:15 AM, David Lum <[EMAIL PROTECTED]> wrote: > >> Do most people here have their users set **not** to be local >> administrators on their PC's? We have 250 users here all as local admi

RE: Local admins?

Yep, no local admins here and we haven’t had a malware or virus infection since – going on 3 years. No special tools on the client, just policy (with management backing) and a little more work to figure out what permissions need to be set for what to make regular users work as a non-admin (RegMon

Re: Local admins?

> On Wed, Aug 27, 2008 at 10:15 AM, David Lum <[EMAIL PROTECTED]> wrote: > >> Do most people here have their users set **not** to be local >> administrators on their PC's? We have 250 users here all as local admins and >> we'd like to move them away from t

RE: Local admins?

David Lum [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 27, 2008 10:15 AM To: NT System Admin Issues Subject: Local admins? Do most people here have their users set *not* to be local administrators on their PC's? We have 250 users here all as local admins and we'd like to move

RE: Local admins?

Yeah, no tools here either. Just manually added some admin permissions to some certain folders that needed it. Piece of cake for us. From: Kevin Lundy [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 27, 2008 9:20 AM To: NT System Admin Issues Subject: Re: Local admins? We did

RE: Local admins?

Issues Subject: Local admins? Do most people here have their users set *not* to be local administrators on their PC's? We have 250 users here all as local admins and we'd like to move them away from that. BeyondTrust has a privilege Manager which lets you very granularly set permissio

RE: Local admins?

With about 200 users they are all running as regular users (not local admins or power users) except for a very few. This is on Windows XP SP2 and 3. The few that are local admins are because of software that does not work correctly otherwise, most notably ADP PC Payroll software. (You'd th

RE: Local admins?

TED] Sent: Wednesday, August 27, 2008 7:15 AM To: NT System Admin Issues Subject: Local admins? Do most people here have their users set *not* to be local administrators on their PC's? We have 250 users here all as local admins and we'd like to move them away from that. BeyondTrust has

RE: Local admins?

Manzo [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 27, 2008 3:38 PM To: NT System Admin Issues Subject: RE: Local admins? Local Admin is the exception, and generally only occurs for political reasons. Apps which "require" local admin get run through FileMon and RegMon to tear down

Re: Local admins?

On Wed, Aug 27, 2008 at 10:41 AM, Jacob <[EMAIL PROTECTED]> wrote: > Nobody here is a local admin of their workstation. Period… End of > discussion… Do not pass Go… do not collect $200. 75% of my headaches > solved! > Even I do not log in as administrator. That. All day-to-day operations ar

Re: Local admins?

In my environments NO ONE EVER gets local admin, politics be damned - a common saying is "I don't care who you are, how much you make or who you know. You're NOT getting local admin." Sure there's some nuclear fallout once in a while, but everything runs much much smoother in the long run. By myse

Re: Local admins?

ways around these with permissions and such, or just periodically do these updates with an admin account? Anthony - Original Message - From: "Phil Brutsche" <[EMAIL PROTECTED]> Sent: Wednesday, August 27, 2008 4:56 PM Subject: Re: Local admins? In my environments NO ONE

RE: Local admins?

y-side with the old.) -Original Message- From: Anthony [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 8:52 AM To: NT System Admin Issues Subject: Re: Local admins? This getting rid of local admin track sounds great from all the feedback. Doesn't updates need local admin, li

RE: Local admins?

riginal Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 11:06 AM To: NT System Admin Issues Subject: RE: Local admins? Ideally, you have a patch management product that will take care of them for you. If your users are also responsible for their own patch

Re: Local admins?

Windows Updates -> Not if you're using WSUS. WSUS (or something that does the same job) is a must-have in *any* environment. If you have your users manually visit http://update.microsoft.com then you'll have a problem. Java Updates -> *might* be an issue. Deploying through AD Software Installation

RE: Local admins?

gt;From: Anthony [mailto:[EMAIL PROTECTED] >Sent: Thursday, August 28, 2008 10:52 AM >To: NT System Admin Issues >Subject: Re: Local admins? > >This getting rid of local admin track sounds great from all the feedback. > >Doesn't updates need local admin, like: > >Window

RE: Local admins?

From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 12:42 PM To: NT System Admin Issues Subject: RE: Local admins? We (and some others on the list) use Shavlik for patch management here. It's been phenomenal. We patch all Microsoft products, Firefox, Adobe Reader,

RE: Local admins?

via AntiVirus server -Original Message- From: Anthony [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 11:52 AM To: NT System Admin Issues Subject: Re: Local admins? This getting rid of local admin track sounds great from all the feedback. Doesn't updates need local admi

RE: Local admins?

L PROTECTED] > Sent: Thursday, August 28, 2008 12:48 PM > To: NT System Admin Issues > Subject: RE: Local admins? > > There are going to be times when custom software will require the > installing > user to be the one using it later. Right now Blackberry desktop is a > pain &

RE: Local admins?

- Andy O. >-Original Message- >From: Ziots, Edward [mailto:[EMAIL PROTECTED] >Sent: Thursday, August 28, 2008 11:46 AM >To: NT System Admin Issues >Subject: RE: Local admins? > >Andy, > >I am seeing an issue in my Shavlik V5.9.1.145 version with Office 2007 >put

RE: Local admins?

: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 12:59 PM To: NT System Admin Issues Subject: RE: Local admins? We haven't gone to Office 2007 yet and I've never had any issues with patching 2003 - on 5.9 or 6.1. I don't think I've tried doing what

RE: Local admins?

as IT admins. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 12:51 PM To: NT System Admin Issues Subject: RE: Local admins

Re: Removing local admins

I'd agree with the GPP method...it lets you get a lot more creative ---Blackberried -Original Message- From: "Free, Bob" Date: Fri, 28 Sep 2012 18:36:28 To: NT System Admin Issues Reply-To: "NT System Admin Issues" Subject: RE: Removing local admins Instead

Re: Removing local admins

Wow, you should get in our weekly Thursday night bad joke competition :-) which I won yesterday ---Blackberried -Original Message- From: Webster Date: Fri, 28 Sep 2012 19:10:53 To: NT System Admin Issues Reply-To: "NT System Admin Issues" Subject: RE: Removing local admin

RE: Removing local admins

Except there is nothing left after it has evaporated. :) Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/> From: Jonathan Link [mailto:jonathan.l...@gmail.com] Subject: Re: Removing local admins She likes evaporated milk?

RE: Removing local admins

System Admin Issues Subject: Re: Removing local admins I'd agree with the GPP method...it lets you get a lot more creative ---Blackberried From: "Free, Bob" Date: Fri, 28 Sep 2012 18:36:28 + To: NT System Admin Issues ReplyTo: "NT

Re: Removing local admins

On Fri, Sep 28, 2012 at 10:59 AM, David Lum wrote: > So…I am working on removing our Service Desk guys as local admins on their > own machine but still be local admins on other machines. I can do this, in > and of itself easily enough, but it’s the transition period that I need to >

Power Users vs Local Admins

I think I know the answer to this, but I need to be sure. If you are a member of Local Administrators and a member of Local Power Users your effective rights are Local Administrator, correct? ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~

Re: Power Users vs Local Admins

Yep You could argue that local Power Users is superfluous in that situation, since the local Adminstrators group is granted all the same privileges, plus a heck of a whole lot more. Kennedy, Jim wrote: > I think I know the answer to this, but I need to be sure. If you are a > member of Local Admi

RE: Power Users vs Local Admins

Issues > Subject: Re: Power Users vs Local Admins > > Yep > > You could argue that local Power Users is superfluous in that > situation, > since the local Adminstrators group is granted all the same privileges, > plus a heck of a whole lot more. > > Kennedy, Jim wrot

RE: Power Users vs Local Admins

es Subject: Power Users vs Local Admins I think I know the answer to this, but I need to be sure. If you are a member of Local Administrators and a member of Local Power Users your effective rights are Local Administrator, correct? ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!

Local admins (was RE: MSINFO popping up)

We've resolved to take away admin perms as systems are ordered with Windows 7. No new PC for you unless you are NOT an admin - seems to be a reasonable line in the sand. This will allow us to work out the issues with "admin required apps" on a more reasonable schedule too, since the user will no

Re: Local admins (was RE: MSINFO popping up)

I'll chime in and agree that removing admin rights from regular accounts is one of the best things you can do. The rest of the computer world has been doing it for 50 years or so; it's high time the Windows world joined in, too. We started doing this when we started migrating from Win9X to 20

Re: Local admins (was RE: MSINFO popping up)

Thoroughly agree, and I'm finally convincing management to let us make this happen - though our software engineers are not yet aware of it. They'll probably end up on a firewalled subnet of their own, though, and can do what they want with it, as I'll wash my hands of that. But, I'm down to two gu

RE: Local admins (was RE: MSINFO popping up)

System Admin Issues Subject: Re: Local admins (was RE: MSINFO popping up) Thoroughly agree, and I'm finally convincing management to let us make this happen - though our software engineers are not yet aware of it. They'll probably end up on a firewalled subnet of their own, though, and ca

Re: Local admins (was RE: MSINFO popping up)

Damn right. Knocking admin rights on the head was the first thing I did arriving at this gig. We no longer have problems with corrupted profiles, and our virus incidents have dropped dramatically. Using mandatory profiles and harnessing the full power of Group Policy Objects has also helped. Despit

RE: Local admins (was RE: MSINFO popping up)

ankin [kz2...@googlemail.com] Sent: Wednesday, September 02, 2009 4:29 AM To: NT System Admin Issues Subject: Re: Local admins (was RE: MSINFO popping up) Damn right. Knocking admin rights on the head was the first thing I did arriving at this gig. We no longer have problems with corrupted profiles, and our virus

Re: Local admins (was RE: MSINFO popping up)

dnesday, September 02, 2009 4:29 AM > To: NT System Admin Issues > Subject: Re: Local admins (was RE: MSINFO popping up) > > Damn right. Knocking admin rights on the head was the first thing I > did arriving at this gig. We no longer have problems with corrupted > profiles,

RE: Local admins (was RE: MSINFO popping up)

That makes sense. I can gradually get people used to not being local admins. J Most of customer service is NOT a local admin (only power user at most.) It's mainly just the admin people who are local administrators on their machines. John-AldrichTile-Tools From: David Lum [mailto:

Re: Local admins (was RE: MSINFO popping up)

Even the admin people don't need admin rights. Runas does the trick... 2009/9/2 John Aldrich : > That makes sense… I can gradually get people used to not being local admins. > J Most of customer service is NOT a local admin (only power user at most.) > It’s mainly just the admin

Re: Local admins (was RE: MSINFO popping up)

On Wed, Sep 2, 2009 at 9:52 AM, John Aldrich wrote: > Most of customer service is NOT a local admin (only power user at most.) The difference between a "Power User" and an admin is negligible. Either can destroy the system through accident or design. "Power User" was a bad idea from day one. C

Re: Local admins (was RE: MSINFO popping up)

of restrictions that regular users have to work under as > well. > > Cheers > Ken > > -Original Message- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Wednesday, 2 September 2009 6:17 AM > To: NT System Admin Issues > Subject: Re: Local admin

Unknown account created and added to local admins group

An account has been created and added to the local Administrators group on an XP workstation that's a member of a domain. The name of the account is a long string of random small and capital letters like this: wiwr7eyieUEIRU4EYSRI I see in the Security log when the account was added, then a passwo

RE: Unknown account created and added to local admins group

Issues Subject: Unknown account created and added to local admins group An account has been created and added to the local Administrators group on an XP workstation that's a member of a domain. The name of the account is a long string of random small and capital letters like

Re: Unknown account created and added to local admins group

nt:* Wednesday, 29 October 2008 10:14 AM > *To:* NT System Admin Issues > *Subject:* Unknown account created and added to local admins group > > > > An account has been created and added to the local Administrators group on > an XP workstation that's a member of a domain.

RE: Unknown account created and added to local admins group

logged on (interactively, via RDP, across the network, or as a service/batch job) in order to make the change. Cheers Ken From: Clubber Lang [mailto:[EMAIL PROTECTED] Sent: Wednesday, 29 October 2008 1:14 PM To: NT System Admin Issues Subject: Re: Unknown account created and added to local admins group

RE: Unknown account created and added to local admins group

You might want to find out what is using the account. From: Clubber Lang [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2008 10:14 PM To: NT System Admin Issues Subject: Re: Unknown account created and added to local admins group ~ Finally

RE: Unknown account created and added to local admins group

PM To: NT System Admin Issues Subject: Re: Unknown account created and added to local admins group CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is

RE: Unknown account created and added to local admins group

: James Winzenz [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2008 10:13 AM To: NT System Admin Issues Subject: RE: Unknown account created and added to local admins group Wait a sec - the event showing when the account was created (624) should contain information on who created the acc

Re: Unknown account created and added to local admins group

ames Winzenz > > Infrastructure Systems Engineer II - Security > > Pulte Homes Information Services > > > ------ > > *From:* Clubber Lang [mailto:[EMAIL PROTECTED] > *Sent:* Tuesday, October 28, 2008 7:14 PM > *To:* NT System Admin Issues > *Subj

Re: Unknown account created and added to local admins group

I bet that's what the event log would look like if a rootkit running as SYSTEM added local administrator accounts... Clubber Lang wrote: > Thanks, James. Yeah, the user was the same for all events: NT > AUTHORITY\SYSTEM > > 624 - User Account Created - 9:19:13 AM > 626 - User Account Enabled - 9:

RE: Unknown account created and added to local admins group

: Unknown account created and added to local admins group I bet that's what the event log would look like if a rootkit running as SYSTEM added local administrator accounts... Clubber Lang wrote: > Thanks, James. Yeah, the user was the same for all events: NT > AUTHORITY\SYSTEM >

RE: Unknown account created and added to local admins group

EMAIL PROTECTED] Sent: Wednesday, October 29, 2008 3:38 PM To: NT System Admin Issues Subject: RE: Unknown account created and added to local admins group Yeah - time to wipe and reload . . . Thanks, James Winzenz Infrastructure Systems Engineer II - Security Pulte Homes Information Ser

RE: Unknown account created and added to local admins group

at performed the changes. Still looks like a compromise. Cheers Ken > -Original Message- > From: Phil Brutsche [mailto:[EMAIL PROTECTED] > Sent: Thursday, 30 October 2008 6:17 AM > To: NT System Admin Issues > Subject: Re: Unknown account created and added to local admins g

RE: Unknown account created and added to local admins group

: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2008 7:46 PM To: NT System Admin Issues Subject: RE: Unknown account created and added to local admins group Let's not get carried away with talk of a "rootkit" here. It could be a compromise. But rootkits are there to

Re: Unknown account created and added to local admins group

Network+,CCA > Phone: 401-639-3505 > -Original Message- > From: Ken Schaefer [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 29, 2008 7:46 PM > To: NT System Admin Issues > Subject: RE: Unknown account created and added to local admins group > > Let's not get

RE: Unknown account created and added to local admins group

30, 2008 5:54 PM To: NT System Admin Issues Subject: Re: Unknown account created and added to local admins group I'd like to be able to proactively watch for these events in the security logs of about 50 computers in one domain. This product looks good: http://www.eventlogxp.com/

Re: Unknown account created and added to local admins group

,Security+,Network+,CCA >> Phone: 401-639-3505 >> -Original Message- >> From: Ken Schaefer [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, October 29, 2008 7:46 PM >> To: NT System Admin Issues >> Subject: RE: Unknown account created and added to local admins

RE: Unknown account created and added to local admins group

nown account created and added to local admins group > > I agree but rootkits can hide the true intention of what is going on in > the system and subvert anything you are seeing in the gui or logs, and > its going to be pretty hard to tell what is legit and what isn't when >

Re: Unknown account created and added to local admins group

gt; Cheers > Ken > > > -Original Message- > > From: Ziots, Edward [mailto:[EMAIL PROTECTED] > > Sent: Thursday, 30 October 2008 11:00 PM > > To: NT System Admin Issues > > Subject: RE: Unknown account created and added to local admins group > > > > I agre

RE: Unknown account created and added to local admins group

user mode applications. If something is altering your event log, Rootkit Revealer is unlikely to find it. Cheers Ken From: Clubber Lang [mailto:[EMAIL PROTECTED] Sent: Friday, 31 October 2008 9:57 AM To: NT System Admin Issues Subject: Re: Unknown account created and added to local admins group

RE: Unknown account created and added to local admins group

If you have SCOM, then there's Audit Collection Services (ACS) Cheers Ken From: Clubber Lang [mailto:[EMAIL PROTECTED] Sent: Friday, 31 October 2008 8:54 AM To: NT System Admin Issues Subject: Re: Unknown account created and added to local admins group I'd like to be able to proacti

Another pretty good example of why users shouldn't be local admins

http://blogs.technet.com/markrussinovich/archive/2008/01/02/2696753.aspx Perhaps, if rephrased for the non-technical, this could be a good object lesson for managers that don't see the value in controlling local administrators? Eric Eskam =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The contents

Re: Another pretty good example of why users shouldn't be local admins

On 16 Jan 2008 at 16:00, Eric E Eskam wrote: > http://blogs.technet.com/markrussinovich/archive/2008/01/02/2696753.aspx > > Perhaps, if rephrased for the non-technical, this could be a good object > lesson for managers that don't see the value in controlling local > administrators? Good read.