Announcement

Collapse
No announcement yet.

Install and Run account for the Limited User Account

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Install and Run account for the Limited User Account

    Not sure if the title makes sense, but heres the scenario. I am trying to push my users to run as limited users, as there is too much of a security risk to run as admin. But they will lose some flexibility and productivity and may even create more work orders for simple software installs and execution. Tell me if this is a good idea or what an alternative is. Ive seen some free software for windows that will allow the equivalent of sudo in linux. But I was thinking about creating an admin account named installme and runme for installing and running software from the run as cmd. With this, is there anyway to disable interactive login with these accounts so the user cant login with these accounts? By the way this is a local windows xp environment and I will shortly switch it over to a 2003 active dir domain. If you need anymore info or this sound unclear, let me know. Thanks in advance.

  • #2
    Re: Install and Run account for the Limited User Account

    You can cut your workload by waiting until you are on a 2003 domain. Then, make your user activity restricted by Group Policy which can control the behaviour of the users in powerful ways.

    Whatever solution you implement now, before going to a domain, may be a bit redundant in a few weeks' time.

    I suggest that after you are all logging onto the domain, you ask for advice on what restrictions you can put in place using Group Policy.

    See also post number 2 of http://forums.petri.com/showthread.p...5406#post75406
    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

    Comment


    • #3
      Re: Install and Run account for the Limited User Account

      ...but in answer to one of your questions, yes, you can prevent interactive logon for accounts using gpedit.msc to edit local system policy (on XP Professional). It's in the security settings under Windows Settings...Security Settings...Local Policies...User Rights Assignment...Deny Logon Locally.


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: Install and Run account for the Limited User Account

        Thanks for the solution stonelaughter and thanks paulh for the future tip.

        Comment


        • #5
          Re: Install and Run account for the Limited User Account

          Well one more question. What kinda security issue will this create. Having 2 admin accounts without a password, but no interactive logon. Can these systems be exploited when running as limited user, maybe through http and or netbios/smb protocols? Thanks again.

          Comment

          Working...
          X