RE: Restricted groups, where have you been....

2009-04-28 Thread Ziots, Edward
] Sent: Friday, April 24, 2009 4:43 AM To: NT System Admin Issues Subject: RE: Restricted groups, where have you been Yes, it will go on and on :-) That's the point - you can't really stop administrators from doing whatever they want on their own machines. You need something that

RE: Restricted groups, where have you been....

2009-04-24 Thread Free, Bob
.@nwea.org] Sent: Friday, April 24, 2009 7:02 AM To: NT System Admin Issues Subject: RE: Restricted groups, where have you been You guys realize in James' case you STILL need to have a clue what you need to do. Russinovich is not exactly a household name to non computer dorks, and

Re: Restricted groups, where have you been....

2009-04-24 Thread James Rankin
I've had a copy of that downloaded for a while now and have been meaning to give it a go...old (process monitor trawling) habits appear to die hard :-) 2009/4/24 Ben Scott > On Fri, Apr 24, 2009 at 4:41 AM, James Rankin > wrote: > > The question which I am asking, when I get a spare minute, is

Re: Restricted groups, where have you been....

2009-04-24 Thread Ben Scott
On Fri, Apr 24, 2009 at 4:41 AM, James Rankin wrote: > The question which I am asking, when I get a spare minute, is why the > scanning software in use needs admin privs anyway. A bit of process > monitor should hopefully provide the answer ... Use LUA BugLight instead. It does the same thing

Re: Restricted groups, where have you been....

2009-04-24 Thread James Rankin
April 23, 2009 8:18 PM > *To:* NT System Admin Issues > *Subject:* RE: Restricted groups, where have you been > > > > > > But in James' case, I can just bring my own copy of cacls.exe (or have a > scheduled job to make a copy of the existing one) and unless SeT

RE: Restricted groups, where have you been....

2009-04-24 Thread Kennedy, Jim
line. Not that our users are local admins. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, April 23, 2009 8:18 PM To: NT System Admin Issues Subject: RE: Restricted groups, where have you been But in James' case, I can just bring my own copy of cacls.exe (or h

RE: Restricted groups, where have you been....

2009-04-24 Thread David Lum
nplace there. Cheers Ken From: Free, Bob [r...@pge.com] Sent: Friday, 24 April 2009 2:18 AM To: NT System Admin Issues Subject: RE: Restricted groups, where have you been Before Russinovich blogged it you at least had to have a bit of a clue about GPO's to

RE: Restricted groups, where have you been....

2009-04-24 Thread Ken Schaefer
vich did a blog post on how admins can stop GPOs applying to their machines. Cheers Ken From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, 24 April 2009 6:41 PM To: NT System Admin Issues Subject: Re: Restricted groups, where have you been I suppose this could go on and on :-)

Re: Restricted groups, where have you been....

2009-04-24 Thread James Rankin
:22 PM > > *To:* NT System Admin Issues > *Subject:* Re: Restricted groups, where have you been > > > > good point. SeTakeOwnershipPrivilege is now about to be removed. > > You probably are right, it would have been easier to configure at the > perimeter...but that is ma

RE: Restricted groups, where have you been....

2009-04-24 Thread Ken Schaefer
evice that's in place there. Cheers Ken From: Free, Bob [r...@pge.com] Sent: Friday, 24 April 2009 2:18 AM To: NT System Admin Issues Subject: RE: Restricted groups, where have you been Before Russinovich blogged it you at least had to

Re: Restricted groups, where have you been....

2009-04-24 Thread James Rankin
ever device that's in place there. > > Cheers > Ken > > -- > *From:* Free, Bob [r...@pge.com] > *Sent:* Friday, 24 April 2009 2:18 AM > *To:* NT System Admin Issues > *Subject:* RE: Restricted groups, where have you been > > Before Russinovich blogged it

Re: Restricted groups, where have you been....

2009-04-24 Thread James Rankin
; > > > 2009/4/23 Ken Schaefer > >> > >> If they are administrators, they can defeat GPOs given sufficient > >> knowledge... > >> > >> Cheers > >> Ken > >> > >> ____________ > >> From: James

RE: Restricted groups, where have you been....

2009-04-23 Thread Ken Schaefer
_ From: Free, Bob [r...@pge.com] Sent: Friday, 24 April 2009 2:18 AM To: NT System Admin Issues Subject: RE: Restricted groups, where have you been Before Russinovich blogged it you at least had to have a bit of a clue about GPO’s to defeat them, now it is trivial…relatively From: Ke

Re: Restricted groups, where have you been....

2009-04-23 Thread Kurt Buff
>> Ken >> >> >> From: James Rankin [kz2...@googlemail.com] >> Sent: Thursday, 23 April 2009 5:12 PM >> To: NT System Admin Issues >> Subject: Re: Restricted groups, where have you been >> >> For those who can

RE: Restricted groups, where have you been....

2009-04-23 Thread Free, Bob
Before Russinovich blogged it you at least had to have a bit of a clue about GPO's to defeat them, now it is trivial...relatively From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, April 23, 2009 12:26 AM To: NT System Admin Issues Subject: RE: Restricted groups, where hav

Re: Restricted groups, where have you been....

2009-04-23 Thread James Rankin
* NT System Admin Issues > *Subject:* Re: Restricted groups, where have you been > > For those who can remember the NT4 days, GPOs as a whole are an awesome > admin tool. When I managed an NT4 network with 10,000 users I actually had > batch scripts running overnight that reset the us

RE: Restricted groups, where have you been....

2009-04-23 Thread Ken Schaefer
If they are administrators, they can defeat GPOs given sufficient knowledge... Cheers Ken From: James Rankin [kz2...@googlemail.com] Sent: Thursday, 23 April 2009 5:12 PM To: NT System Admin Issues Subject: Re: Restricted groups, where have you been For

Re: Restricted groups, where have you been....

2009-04-23 Thread James Rankin
For those who can remember the NT4 days, GPOs as a whole are an awesome admin tool. When I managed an NT4 network with 10,000 users I actually had batch scripts running overnight that reset the user rights on all DCs and member servers, checked the local group memberships and altered them back to

RE: Restricted groups, where have you been....

2009-04-22 Thread Don Guyer
Amen, brother! When I first started here last year we had to do a major cleanup of Admin-related groups on our domain and still have to clean up some local workstation groups that are controlled via GPOs. We just recently spun a portion of our users off into their own domain and we used Rest