what kind of user rights yo give to domain users?

  • Thread starter Thread starter inenewbl
  • Start date Start date
I

inenewbl

Hi all. I would like to check with the domain administrators out there, what
kind of user rights are given to user accounts on their local pc. I know it
is best to give only normal user rights instead of admin rights so that users
are unable to install programs downloaded from the internet that may infect
the pc. However by doing so my users face alot of problems accessing customer
websites that require installation of activeX as they are unable to do so.
Hence i would like to normal what other administrators are doing to solve
this issue. Thks in advance.
 
This is really a separate issue from domain priveleges, it's more to do with
IE security settings.

Allowing IE to download and install Activex controls from untrusted sites is
EXTREMELY risky. You really don't wanna do that! In fact, this is the the
second most-common way in which malware gets itself installed. (The first
being by simply duping the user to install a 'cool screensaver' or suchlike)

My advice would be to install Firefox, Seamonkey or Opera on all desktops
(you can push-install from a logon script to save effort) and set policies
forcing the highest security settings onto Internet Explorer for untrusted
sites, if that isn't already the case.

As for browser plugins I normally preinstall Real Alternative, Quicktime
Alternative, and Flash 9. These cover the vast majority of requirements.
Users are forbidden to install other plugins themselves, because of the risk
of duping.
 
Alas, there isn't much you can do with Windows XP here. Vista includes the
ActiveX Installer Service, which allows you to define through group policy
which URLs standard users can install ActiveX controls from.
 
But can i know what kind of priviledge do you give to your users? ActiveX
issues are just 1 of the problem i face. Thks in advance.
 
Back
Top