Which Local Group to use

  • Thread starter Thread starter Branden Holloway
  • Start date Start date
B

Branden Holloway

This may be a little off topic, but here goes. Currently,
on our network, the users are local admins on their
machines. This has caused a MASSIVE spyware headache for
the IT staff. I would like to reduce permissions on the
users machines but some of our poorly written applications
require Power Users instead of just users. I know that
Power Users would be better then administrators on the
local machine, but would I really be able to reduce spyware
infection this way.

Any information would be greatly appreciated.

Thanks

Branden
 
For effective removal of Spyware, AntiSpyware has to be run as an
Administrator. It is still beta and recommend you wait until an Enterprise
solution is available from Microsoft scan networks for Spyware. It is
currently in consideration. In the mean time, the best thing you do is to
have those machines start in safe mode and thoroughly scanned using full
system scan. Scan Options > Full System scan.

Andre
 
Thanks for the recomendation, I believe that I may not have
given enough details though. What I am trying to do is
reduce the number of infected machines. I am of the
understanding that minimizing user access to the machine
will reduce the effect of spyware so that I can just blow
away a profile vs. rebuilding the machine. This is what I
am trying to accomplish. I am wondering whether or not the
Power Users group reduces access to the registry enough so
that spyware can only infect the HKey_Current_User and not
HKey_LocalMachine
 
In any enterprise environment it is not recommended run as either Power User
or Administrator 24-7, it is best to run those machines under a limited user
account.

Andre
 
I think he knows that as do I but we have applications written by folks who
break the MS rules and REQUIRE the user to be local admin or at a minimum a
power user - it's very annoying but the vendors are not being forced to do
things right. I would like to blame it on lazy programmers but I am not
wearing my flame retardant pjs right now!
 
I think you will see some major changes to that from Microsoft in this
product John. Windows Update Services will probably be the best way for
Admin's to ensure that unlimited accounts are protected with Enterprise
release of AntiSpyware.

Andre
 
Back
Top