The Power in Power Users
Wednesday, 03 May 2006 by Michel Roth
Always a must-read as far as I'm concerned: Mark Russinovich's Blog. This time he discusses the risks associated with making users members of the Power Users group:

Placing Windows user accounts in the Power Users security group is a common approach IT organizations take to get users into a least-privilege environment while avoiding the many pains of truly running as a limited user. The Power Users group is able to install software, manage power and time-zone settings, and install ActiveX controls, actions that limited Users are denied.

What many administrators fail to realize, however, is that this power comes at the price of true limited-user security. Many articles, including this Microsoft Knowledge Base article and this blog post by Microsoft security specialist Jesper Johansen, point out that a user that belongs to the Power Users group can easily elevate themselves to fully-privileged administrators, but I was unable to find a detailed description of the elevation mechanisms they refer to...

Read it all here.
