Wednesday, August 03, 2005

And I thought Power Users were a wise choice...

A lot of discussion is going on about the level of permissions one has when runing day-to-day tasks. This is not one day too early. The discussion has at least two branches: A) Administrators running without permissions and only having them when necessary and B) Standard users running as users, power users or local administrators.
Continuing on the B branch, I always thought that Power User were a pretty safe choice - at least it prevented the user from tampering with Group Policies.
This turns out to be a false feeling - even Microsoft warns us in this KB that Power Users are not safe:
A member of the Power Users group may be able to gain administrator rights and permissions in Windows Server 2003, Windows 2000, or Windows XP.

Unfortunately, there are no - useful - resolution to avoid this. I would have wanted a way to tweak Power Users, so it is safe. Microsoft claims that Power Users are intended for legacy stuff and wants you to only run software certified for Windows. Get real - LOL!

Well, anyway, I think Power User is still better than local administrators - i. e. until some easy-to-use tool makes elevating to administrator easy. You could also read
this post and its comments to get a feeling of how easy it is for an installation program to jeopardize the security of the system.

I came across the KB from the
Hall of Shame site.

BTW: Discussion A is covered

Let us hope they get it right in Vista a. k. a. Longhorn as they

No comments: