-
August 30th, 2011, 04:14 PM
#11
Originally Posted by foxyloxley
the WTF fairy
LOL! I don't think I've ever quite heard it put that way before lol. Thanks man, I needed a good laugh and that did it for me.
As for the OP; Dude WTF... First rule of being root / admin, is that users are idiots who shouldn't be allowed to do a DAMN THING that isn't required for whatever job they have!
This used to be a Nightmare to enforce back before Windows 7 became an option, and I.... I actually kinda like Windows 7.... Which is weird for me, because I don't like Windows in general.
But Windows 7, they finally stole the right UI to make it look nice, and they even have a "run as" thing that doesn't take learning DOS BS no one ever uses anymore, and even I was shocked to see that when the original version of Unreal Tournament wouldn't work on Windows 7, I simply clicked on a button that it said would check to see if there was a way to run it in another manner, and it worked!
A few clicks, and it said running Unreal Tournament in a Windows 9X manner would let it work, so I tried it, and to my complete and utter astonishment, it worked!
I still think Unix had the right idea about "su" and "sudo" a long time ago, because you can truly get down to it and limit everything you want, which still isn't the same in Windows, but they are finally catching up to the OS they say is "old, archaic, and outdated".... lol.
I like how Microsoft refers to Unix as something that's out dated technology, and totally archaic, and yet, it has features they are just now catching up to.
-
August 30th, 2011, 05:41 PM
#12
Yes Yes Gore ofc users shouldnt be allowed to run anything not allowed, I was merely looking for the easiest and simplest solution to admining that if an admin were to sit at the PC in question.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 30th, 2011, 09:55 PM
#13
Didn't mean it as an insult or anything dude, I was using Protocol #BOFH is all
-
August 31st, 2011, 02:48 AM
#14
On my network, very few people are local admins. I could probably count them on one hand. [They are using a couple of crappy apps that require admin access to function] No one runs as domain admin unless they are doing tasks that require that authority.
I run as a normal user with local admin rights, but still must elevate my rights to install software, or make changes. I use runas to manage active directory, group policy, DNS, etc.
As bludgeon implied, this keeps people from installing unapproved software.
I also lock most accounts down to where they can only run software that is in a list of approved executables, and prevent any executable from running out of a temp folder.
Since I have been doing this, I have not had one infection. Sure, quite a few users regard me as a nazi, but they are still able to get their work done, and I can focus on more important issues.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
August 31st, 2011, 07:28 AM
#15
Didn't mean it as an insult or anything dude, I was using Protocol #BOFH is all
I also lock most accounts down to where they can only run software that is in a list of approved executables, and prevent any executable from running out of a temp folder.
This is possibly the brainwave I was looking for - applocker I take it?
http://www.microsoft.com/windows/ent...aspx#applocker
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 31st, 2011, 01:51 PM
#16
Originally Posted by Cider
That would work, but I actually use GPOs to do this. User Policies > Admin Templates > System > Run only approved Windows executables. [If I remember correctly]
And then I use Software Restriction Policies [in a separate GPO] to keep anything from running out of %temp% and %tmp%. This one can cause problems installing some software, so I keep it as a separate GPO, for easy removal.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
August 31st, 2011, 01:57 PM
#17
Originally Posted by westin
That would work, but I actually use GPOs to do this. User Policies > Admin Templates > System > Run only approved Windows executables. [If I remember correctly]
And then I use Software Restriction Policies [in a separate GPO] to keep anything from running out of %temp% and %tmp%. This one can cause problems installing some software, so I keep it as a separate GPO, for easy removal.
Thanks Westin - I went through this a while back but as I dont really admin any GPO's its slipped the mind.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
September 5th, 2011, 08:13 AM
#18
Telling EVERY poster to use XP is not only not going to work, it's getting annoying. If they wanted to use XP, they'd use it. And support for XP, and security patches being released for it, it NOT going to last that much longer, so it's also bad advice.
Replying to every post saying to use XP doesn't help at all.
-
September 5th, 2011, 09:45 AM
#19
lol what the hell :P +10 to gore ^^
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
September 5th, 2011, 11:02 PM
#20
Danke schoen
You noticed too huh? Even the thread I had where I was working on a machine got that reply about using XP instead lol.
Similar Threads
-
By rajunpl in forum Operating Systems
Replies: 43
Last Post: July 1st, 2004, 07:30 AM
-
By gore in forum Operating Systems
Replies: 3
Last Post: March 7th, 2004, 08:02 AM
-
By Linebacker54 in forum Newbie Security Questions
Replies: 14
Last Post: February 18th, 2004, 02:12 PM
-
By CyberSpyder in forum AntiOnline's General Chit Chat
Replies: 6
Last Post: April 16th, 2003, 04:11 PM
-
By powertoad5000 in forum General Computer Discussions
Replies: 1
Last Post: October 1st, 2002, 04:08 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|