JSI Tip 7808. A member of Power Users can gain administrative privileges in Windows 2000, Windows XP, and Windows Server 2003?

Since a member of the Power Users group can install and run non-certified programs, they can run a malicious program or DLL to gain administrative privileges.

The only preventions are:

- DO NOT configure any user as a member of the Power Users group.

- Only deploy certified Windows 2000 or Windows Server 2003 programs, as these DO NOT require unnecessary privileges.

See the following pages:

Privileges.

Logon rights.

The Microsoft Certified for Windows program.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish