Determining of Users Require Local Admin Rights

M

Mike Chavez

In the pursuit of security and limiting the needless right's of users, I am
investigating what kind of local permissions are needed by my Windows XP
users. Currently all users have local Administrator rights to their PC's.

If anyone aware of a tool or simple method that can determine if users need
local administrator rights? For example, a tool that will notify you if the
application made a change to the registry or wrote to program files in a way
that only administrators can do? My users span several different networks
and the applications are all accross the board.

My last resort is to call the vendors of the applications being used, but
this will be quite a burden. If anyone has any ideas to better anyalyze
this, please let me know.

Thank you!
 
S

Shenan Stanley

Mike said:
In the pursuit of security and limiting the needless right's of
users, I am investigating what kind of local permissions are needed
by my Windows XP users. Currently all users have local
Administrator rights to their PC's.
If anyone aware of a tool or simple method that can determine if
users need local administrator rights? For example, a tool that
will notify you if the application made a change to the registry or
wrote to program files in a way that only administrators can do? My users
span several different networks and the applications are
all accross the board.
My last resort is to call the vendors of the applications being
used, but this will be quite a burden. If anyone has any ideas to
better anyalyze this, please let me know.
Click to expand...

They don't _need_ administrative rights.

You can use filemon and regmon to determine what an application does all the
time. However - for most applications, it may need rights to its own folder
or its own registry values (or the user's folders/registry values) - but any
well-written modern Windows application should not need administrative
rights to run.

The exceptions are few and far between.
 
M

Mike Chavez

Hello Shenan,

Thank you for taking the time to reply. I will look into the filemon/regmon
apps.

Regards,

Mike Chavez
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Local Admin Rights 1
Local Admin rights 5
windows updates without admin rights 2
USB flash drives require Admin rights 6
admin rights 1
Restricting rights to the local "c" drive 4
Local admin rights. 1
Remotely Verifying Rights of Local Accounts 2

Top