• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

XP & 2K Permissions: any benefit to a security permission that is basically limited+install programs?

F

fbrdphreak

Lifer
Hey guys,
I'm curious about something. There are a few dozen laptops that I oversee which have a lot of spyware infestations on a regular basis. Among a few other ideas I have, I had the thought of creating a limited user acct for general access and an admin acct for faculty (this is in an education setting).

My question is: is there any value to creating an acct that is basically a limited user with the ability to install programs? I'm trying to limit the onslaught of spyware/adware, and I have other safeguards in place, but would this be at all valuable or should I just use a regular admin acct for that? What other things might be blocked if I went with limited+install? Or is blocking install the big key to preventing spyware/adware from being loaded?

TIA
 
Just use restriced users for your users and install programs with your admin account.

To install programs you basically need admin access anways.
 
Just make the normal user accounts, and when you are required to install programs just use the runas function. Things are much safer that way.
 
The only problem with that is that I won't always be the only one installing software. Faculty may have to do it and I think a command line might scare them. I just don't want them browsing the internet anymore with an admin account :roll:
 
Actually it's fairly easy, just shift-right click the installer/whatnot and it will have a "runas..." at least for Win2K. For XP the runas seems to come up on a right click by default.

Edit: beaten by a slow refresh. 🙂
 
The 2K machines are on their way out (thanks god, P3 Dell's), so I'm less worried about those. But these damn XP machines didn't even have SP1 before I got here and they're just a huge f-ing mess that I want to avoid from constantly having to clean up :roll:

Thanks for the info
 
There is no such thing as an "install software" right or permission.

Some software writes to Program Files, to HKLM in the registry, and/or HKCR in the registry.

That's where permissions are set: on the files and registry keys. There's no way to know in advance to what file and registry locations a program will install stuff without, well, really knowing what that application's installer does.

If a user has write permissions to HKLM or HKCR, they can elevate themselves to Administrator with little effort.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top