 Any Suggestions For Securing Users With Admin Rights? |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
 Jan 25 2008, 04:42 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 3 Joined: 25-January 08 Member No.: 186,097  |
I've been on the bleepingcomputer site for some time but finally created an account  Because of the nature of the software we use at work all workstation users have to be a member of the Administrator group to use it. As a result, the guys in the back have a nack for downloading bad stuff and removing the sunshine from my day  Anyone have any suggestions on how I can limit what they can do (prevent malware, spyware, downloading of bs...ect) while they have the Admin rights? The workstations are all custom built with Windows XP Pro SP2 There is the main Admin account and they log in with a user account thats part of the Admin group. This post has been edited by jr788: Jan 25 2008, 04:48 PM |
 |
 
|
|
Jan 26 2008, 02:35 AM
Post
#2
|
|
 Distinguished Member Group: Members Posts: 856 Joined: 5-January 07 From: Australia Member No.: 104,783 |
Hi jr, so are they admins on there own PCs or admins on the Domain? What is the software that requires a admin account?
-------------------- |
|
|
|
|
Jan 26 2008, 03:03 AM
Post
#3
|
|
 Distinguished Member Group: Members Posts: 814 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
With some adminstrative programs you can control all users rights.
Search around. Also, find out what domains they are downloading this malicious software from. Block access to the site for all users. if it keeps happenign try and track down the sites. It might be a pain but if you can't find software that will help you control rights. Just a thought 
This post has been edited by Teenage.Zombiee: Jan 26 2008, 03:10 AM -------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
Jan 26 2008, 12:52 PM
Post
#4
|
|
 Member Group: Members Posts: 18 Joined: 10-October 07 Member No.: 162,148 |
Hi jr788,
Use of a HOSTS file would help, I think... something like this one maybe? Also, what about SpywareBlaster. This prevents certain spyware from installing in the first place... ~VirtueOfPanda~ -------------------- Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
|
|
|
|
|
Jan 27 2008, 09:35 PM
Post
#5
|
|
|
New Member Group: Members Posts: 3 Joined: 25-January 08 Member No.: 186,097 |
Thanks for the replies
 The workstations have Admin rights on the PC accounts but not the Domain. The software is Snapon ShopKey 5 & Management (Service Writer) ShopKey has user rights options, but that only works within the program & won't help with the things they get on the internet. I have McAfee AV & SpywareBlaster on it (I just downloaded the MS Defender also). It appears this last infection came from someone downloading a key generator for either Windows of MS Office  I enabled the content blocker in Internet Explorer, but it seems most pages don't have ratings so it blocks just about everything. I'm sure they go to porn sites (mechanics are dirty boys lol) and that's were a lot of hazards come from. Someone has also installed LimeWire in lou of a radio, could this be a potential problem also? |
|
|
|
|
Jan 28 2008, 05:39 AM
Post
#6
|
|
|
Distinguished Member Group: Members Posts: 814 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
QUOTE Someone has also installed LimeWire in lou of a radio, could this be a potential problem also? It all depends on what they download. I would advise them to only download music on the MP3 or M4A format. WMA files can be dangerous as they can cause popups and other malware issues. If you're interested on reading about the dangers of WMA files downloaded from P2P I suggest you read Risk Your PC's Health For A Song? Also I would block them from downloading certain file extentions from LimeWire. I reccomend blocking WMA, EXE, ZIP, RAR, WMV or any other zipped file you know of. Get some info on how here -------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
Jan 29 2008, 12:27 AM
Post
#7
|
|
|
New Member Group: Members Posts: 3 Joined: 25-January 08 Member No.: 186,097 |
Thanks for all the help
 I'll be following the LimeWire tips. What does anyone think about disabling the Windows Installer through Admin Policies (gpedit.msc). They have Admin rights and could change it back, but I seriously doubt anyone using the PC is savvy enough to figure out how. Then, when I need to do system updates I could just enable it and disable it again when I'm done. Or would this cause more problems than it's worth? p.s. in case ne ones wondering about my edit, i'm having problems with my "e"s today, I typed system as systme, done as doen, and cause as cause, LOL, sorry, I'm a dork and find it funny  ppss. I give up, i can't even type my edit right 
This post has been edited by jr788: Jan 29 2008, 12:31 AM |
|
|
|
|
Jan 29 2008, 12:51 AM
Post
#8
|
|
|
Distinguished Member Group: Members Posts: 814 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
That would be up to you but some programs don't use Windows Installer to install. Which can be a problem because some malware I know of does not use MS installer.
I'd give the people who work with you a warning. More or less a threat: any more porn or malware and there will be no more admin rights. This would be a last resort of corse but why should your day be runined because of their stupid mistakes ehh?
-------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
Feb 2 2008, 01:29 AM
Post
#9
|
|
 New Member Group: Members Posts: 1 Joined: 1-February 08 Member No.: 187,658 |
In cases like limiting users' actions, I would recommend "Security Administrator v11.5". It has a wide variety of choices to limit actions taken by a user like editing stuffs, downloading things, etc.
-------------------- ©Crescent Moon Corp. ESET NOD32 Antivirus v3.0.621 : McAfee VirusScan Enterprise Edition : McAfee Firewall Corporate Edition : BitDefender Total Protection 2008 : Avira Premium Security Suite : Symantec Endpoint Protection : PC Tools Spyware Doctor : Sunbelt CounterSPy : Ad-Aware Professional : Spyware Terminator |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 9th January 2009 - 04:10 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.