Debugger User Groups

  • Thread starter Thread starter eli
  • Start date Start date
E

eli

I support 400 machines in my environment. At this point I
am trying to tweak the access rights by removing the admin
rights and adding the users to the debugger users group.
I cannot find that group on half of my machine.
My question is: What do I need to do to activate the
debugger users group?
Thank you in advance.
eli
 
Hello Eli,
You may want to read the link below on adding users to the debugger users
group.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsdebug/htm
l/vxtskinstallingdcom.asp

Essentially this gives your users the right to "Act as part of the
operating system" (SeTCB) which could lead to serious damage to your
environment if they should ever activate a virus or worm on your network.
Also if your users security is ever compromised an attacker could take over
your entire forest with a single users' account. He wouldn't need
administrative access. He could derive it from the compromised account.
That being said, this group is added to machines running Developer
software. i.e. Visual Studio. It is also added to 2003 servers. This
group was added to remove the debugger rights from priviledged accounts.
Which machines in particular are you seeing the groups versus the ones that
do not have the group?
 
Back
Top