Compare cert salaries and plan your next career move
tiersten wrote: Eh? You sure? That makes no sense and its a massive security issue if it does...
sprkymrk wrote: tiersten wrote: Eh? You sure? That makes no sense and its a massive security issue if it does... Yes, he's right. Tell me how that would be a massive security issue though?
Lee H wrote: So what your saying Spymark is that if the client is added to the default Computers container then a standard user can do this, but if there is some kind of rule set up that put it into a seperate OU then the standard user will not be able to do it
sprkymrk wrote: Lee H wrote: So what your saying Spymark is that if the client is added to the default Computers container then a standard user can do this, but if there is some kind of rule set up that put it into a seperate OU then the standard user will not be able to do it Correct.
tiersten wrote: sprkymrk wrote: tiersten wrote: Eh? You sure? That makes no sense and its a massive security issue if it does... Yes, he's right. Tell me how that would be a massive security issue though? Do you want computer appearing on your domain that are untrusted? Or does that count as a minor issue in your book? I've seen a few places which granted specific users local admin on their PCs whilst having a regular domain account. It was usually due to some legacy applications.
Cant imagine a scenareo were someone would have local admin on PC but also be standard user on domain
sprkymrk wrote: If your users are already local admins on their computer, that is a security issue. The fact that they can add a computer to the domain - well what would they actually have to do? If it's a company computer it's probably already on the domain and you already made them an admin on it so...
sprkymrk wrote: Once the computer is on the domain their should be policies in place (such as restricted groups) that would ensure domain users were not local admins, then rename and lock the local admin account or at least change it's p/w, etc.
nel wrote: Lee, mark is spot on with this Cant imagine a scenareo were someone would have local admin on PC but also be standard user on domain We had to in a previous job otherwise our main production software would not run so effectivly if we didnt we wouldnt be able to create/sell newspapers
Mishra wrote: I'm not sure why Microsoft made this the default setting. It should have been an option but not a default setting.
tiersten wrote: nel wrote: Lee, mark is spot on with this Cant imagine a scenareo were someone would have local admin on PC but also be standard user on domain We had to in a previous job otherwise our main production software would not run so effectivly if we didnt we wouldnt be able to create/sell newspapers Typewriter, some paper, big pot of glue and a pair of scissors I guess the main issue here is crap applications that require elevated priviledges when they really shouldn't need to.
tiersten wrote: nel wrote: Lee, mark is spot on with this Cant imagine a scenareo were someone would have local admin on PC but also be standard user on domain We had to in a previous job otherwise our main production software would not run so effectivly if we didnt we wouldnt be able to create/sell newspapers I guess the main issue here is crap applications that require elevated priviledges when they really shouldn't need to.
RTmarc wrote: And, as you can imagine, the software creator's blanket fix is local admin rights.
undomiel wrote: Process Monitor supercedes Filemon and Regmon as it combines the functionality of the two.
dynamik wrote: Peachtree is the bane of my existence. I've never had so many problems with a software package before.
Compare salaries for top cybersecurity certifications. Free download for TechExams community.
