More on Security and Running LUA
I have come upon some more references on this topic:
Aaron Margosis mentioned that running as a member of the Power Users group is just as dangerous as local admin. I didn't quite understand that, and have only recently found some more details on this issue:
Per Ostergaard discusses this in a "And I thought Power Users were a wise choice..." at his msgoodies blog.
Microsoft posted a KB article A member of the Power Users group may be able to gain administrator rights and permissions(October 2004) describing the nature and danger of putting users in the "Power User" group.
He found a reference at the "Hall of Shame" page at the threatcode.com site.
He also posts links to more details of the dangers of the "Power Users" group. There is an oldpost at Michael Howard's blog about kewl tools that has some good comments on the issue.
Aaron Margosis mentioned that running as a member of the Power Users group is just as dangerous as local admin. I didn't quite understand that, and have only recently found some more details on this issue:
Per Ostergaard discusses this in a "And I thought Power Users were a wise choice..." at his msgoodies blog.
Microsoft posted a KB article A member of the Power Users group may be able to gain administrator rights and permissions(October 2004) describing the nature and danger of putting users in the "Power User" group.
He found a reference at the "Hall of Shame" page at the threatcode.com site.
He also posts links to more details of the dangers of the "Power Users" group. There is an oldpost at Michael Howard's blog about kewl tools that has some good comments on the issue.
posted by Allan Wolff at 3:16 PM
0 Comments:
Post a Comment
<< Home