General discussion

Locked

VB users

By ferhad_khanzada ·
I've 120 VB users but most of the time they demand local Administrator or Power user rights to work on API etc. but I want that they should use their Domain logins with minimum rights.
Please guide me what rights I should assigne them on local machines to avoid assigning administrative or power user privileges.
I am using W2k (Advance Server) with service pack 3.

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by erikdr In reply to VB users

Sorry, but there is no easy solution. A software developer in Windows software does need quite some rights. There are a few options, each of them focusing on the fact that you want to separate the developers realm (local admin rights, unsecure and unmanaged by nature) from the 'production' realm. Which will include e-mail, Office including home directory.
a) Have the production stuff on Citrix or Terminal Services. Do not allow interaction between the TS client and the local desktop (e.g. no file transfer). Make also sure that users cannot cross the domain border by commands like NET USE /U: (using TS id for direct file share access), can be accomplished by stripping the TS user groups from any risky rights.
b) Work with separate PC's for development and production, and a transfer zone (isolation zone) in between where only checked stuff can pass through.

Hope this helps,

<Erik> - The Netherlands

Back to Security Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums