http://www.windowsitpro.com/authors/author/author/5777827/rsscomment/5777827en-USSun, 27 May 2012 07:46:17 GMTSun, 27 May 2012 07:46:17 GMThttp://www.windowsitpro.com/article/security/managing-security-dependencies-windows-networks-142470#commentsAnchorThu, 03 May 2012 14:01:40 GMT
Question. If UAC is enabled and an admin password was required to install software, the secure desktop would protect the admin password from malware running under the user's credentials, correct?]]>RichThu, 03 May 2012 14:01:40 GMThttp://www.windowsitpro.com/article/security/managing-security-dependencies-windows-networks-142470#commentsAnchorhttp://www.windowsitpro.com/article/security/managing-security-dependencies-windows-networks-142470#commentsAnchorMon, 23 Apr 2012 04:17:04 GMT
Good artcile Russel. Just there is one issue: "/force" switch is not necessary when you give gpupdate command. Normally, group policy changes are applied when you "gpupdate" only. In some rare occasions, when windows misjudges the change info, only then it is necessary to use that switch. Furthermore, /force switch makes the update slower in fact because it tries to update all relevant group policy settings instead of only the changes.]]>murat yildirimogluMon, 23 Apr 2012 04:17:04 GMThttp://www.windowsitpro.com/article/security/managing-security-dependencies-windows-networks-142470#commentsAnchorhttp://www.windowsitpro.com/article/product-review/comparative-review-ad-migration-tools-141928#commentsAnchorThu, 23 Feb 2012 18:44:08 GMT
Another remark about QMM and about: However, the Migration Manager GUI can be a little fussy in how it accepts certain information. For example, when trying to create a new domain migration pair, you have to enter the source domain information in a specific format before the wizard allows you to continue. The Browse buttons in the wizard don't work, forcing you to enter the information manually and in the correct format, which isn't very user friendly. When creating a domain pair the wizard offers to specify the Domain or a Domain Controller name or offers to use the Browse button to select the domain or the DC. In a correctly configured environment the Browse button works nicely and shows all domains, and a double-click on a domain shows (expands) all available Domain Controllers. I agree, it is hard to figure out intuitively that eg. a DC should be specified in following format: \\DCNAME. And if name resolution is configured and working then the tool will accept any format, short names (NETBIOS) or FQDN. But using the browse button eliminates the need to type anything. I wish I was there and could assist Russel with some hints :)]]>ShepherdThu, 23 Feb 2012 18:44:08 GMThttp://www.windowsitpro.com/article/product-review/comparative-review-ad-migration-tools-141928#commentsAnchorhttp://www.windowsitpro.com/article/product-review/comparative-review-ad-migration-tools-141928#commentsAnchorThu, 23 Feb 2012 18:30:28 GMT
I just wanted to comment on this: Migration sessions can't be copied in the GUI, but you can import or export objects for migration, which makes it much faster to create new migration sessions. Actually they can be "copied". Any existing migration session can be used as template. By right-mouse clicking on an existing Migration Session you can start a new session, and all the settings from the old session will be retained, you need only to provide a new name for the session. The only caveat is - the previous user/group selection is being shown but is not retained, ideally you should remove the objects and select them again. The Quest KB has many articles describing all this in greater details.]]>ShepherdThu, 23 Feb 2012 18:30:28 GMThttp://www.windowsitpro.com/article/product-review/comparative-review-ad-migration-tools-141928#commentsAnchorhttp://www.windowsitpro.com/article/security/deciphering-pki-and-encryption-129847#commentsAnchorSun, 12 Jun 2011 11:57:37 GMT
The Instant Doc ID 129847 points back to this article. What is the Instant Doc ID for the web sidebar "common Encryption and Hash Standards"?]]>tlingerSun, 12 Jun 2011 11:57:37 GMThttp://www.windowsitpro.com/article/security/deciphering-pki-and-encryption-129847#commentsAnchorhttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorThu, 07 Apr 2011 21:44:18 GMT
Given the lengths you go to to secure privileged accounts here, shouldn’t you also look at products that do much of this automatically? e.g., randomize and update service account passwords; control access to admin logins with ACLs and workflows; randomize all sensitive passwords daily; etc.? One such product is Hitachi ID Privileged Password Manager: http://hitachi-id.com/ Just saying.. :-) -- Idan]]>idanThu, 07 Apr 2011 21:44:18 GMThttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorhttp://www.windowsitpro.com/article/security/review-vipre-enterprise-premium-4-0#commentsAnchorTue, 25 Jan 2011 09:59:18 GMT
Disclosure: My company represents GFI Software. There are a number of factual errors in this review that readers should be aware of, starting with the reviewer using the wrong company name for the vendor (it is GFI Software, not Sunbelt Software).

More substantively, the review also misrepresents the following:

1)VIPRE does support any Opswat-supported NAC (in other words, VIPRE supports 90% of the NACs out there today).

2) GFIs research and experience clearly shows that device control is a low on the list of feature priorities for administrators (we have hundreds of surveys to back this up). To raise this as a "major" shortcoming shows a lack of understanding of this publication’s audience.

3) The fact that VIPRE is one of the most popular business antivirus products on the market today, with more than 23,000 enterprises using it (almost all fitting the profile of this publication’s audience), and that fact that VIPRE’s customer satisfaction levels are higher than those of any other competitive vendor’s, including those mentioned in this review, should at least provide some degree of proof that GFI has prioritized its feature set correctly. For that reason, a broad condemnation such as consider looking at other endpoint security solutions is gratuitous at best, and ill-informed at worst.

]]>MurphyTue, 25 Jan 2011 09:59:18 GMThttp://www.windowsitpro.com/article/security/review-vipre-enterprise-premium-4-0#commentsAnchorhttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorMon, 09 Aug 2010 18:29:43 GMT
(please ignore double post - refreshed an old browser window and it sent message again...sorry).

Thanks Russell - I’ll try both your suggestions. Regards, Bryce.]]>StenbergMon, 09 Aug 2010 18:29:43 GMThttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorhttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorMon, 09 Aug 2010 18:20:58 GMT
Thanks Russell - good article. I still have one situation I can’t get around - I was hoping you may have some ideas to help. When some machines are logged on with admin accounts I want some commands to run that are in the startup folder but they need elevated admin rights - instead of even prompting they just fail to run putting out a message to command window ’The requested operation requires elevation (Run as administrator)’. I don’t think I can change the manifest for the command prompt, if one even exists. For example one command is a ’netsh’ run from a ’.cmd’ file. I tried creating a shortcut to it and then under ’properties, compatability tab’ set the option ’run this program as administrator’, but this is always greyed out. Do you know of a way around this sort of issue without turning off UAC?
On more than one occassion I’ve wanted batch files to run that need elevated privilege and would even find it acceptable if the user was just prompted for elevation instead of commands failing and user having to manually open a command prompt with admin privilege and then navigate to batch file and run it. Is there a way to do any of this with Windows 7 that is a domain member? Thanks.]]>Mon, 09 Aug 2010 18:20:58 GMThttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorhttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorMon, 09 Aug 2010 05:00:06 GMT
Thanks Paul for your comment. It’s an important point that might be interesting to cover in a future article.]]>SmithMon, 09 Aug 2010 05:00:06 GMThttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorhttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorMon, 09 Aug 2010 04:56:12 GMT
The easiest way around this would be to set up a Group Policy startup script to run the netsh command. GPO startup scripts run in the context of the local machine account, which has administrative privileges. As the name suggests however, startup scripts run once before users log on.
If the netsh command must run as users log on, the elevation power toy (http://technet.microsoft.com/en-us/magazine/2007.06.utilityspotlight.aspx) should do the trick.]]>SmithMon, 09 Aug 2010 04:56:12 GMThttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorhttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorSun, 08 Aug 2010 17:11:31 GMT
Thanks Russell - good article. I still have one situation I can’t get around - I was hoping you may have some ideas to help. When some machines are logged on with admin accounts I want some commands to run that are in the startup folder but they need elevated admin rights - instead of even prompting they just fail to run putting out a message to command window ’The requested operation requires elevation (Run as administrator)’. I don’t think I can change the manifest for the command prompt, if one even exists. For example one command is a ’netsh’ run from a ’.cmd’ file. I tried creating a shortcut to it and then under ’properties, compatability tab’ set the option ’run this program as administrator’, but this is always greyed out. Do you know of a way around this sort of issue without turning off UAC?
On more than one occassion I’ve wanted batch files to run that need elevated privilege and would even find it acceptable if the user was just prompted for elevation instead of commands failing and user having to manually open a command prompt with admin privilege and then navigate to batch file and run it. Is there a way to do any of this with Windows 7 that is a domain member? Thanks.]]>StenbergSun, 08 Aug 2010 17:11:31 GMThttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorhttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorFri, 23 Jul 2010 01:46:38 GMT
Thanks for the feedback. Maybe the executable really does require administrative privileges to run? So when you force it to start as a standard user it fails to launch or hangs. You might try using Process Monitor from the Sysinternals tool set to investigate the problem further.]]>SmithFri, 23 Jul 2010 01:46:38 GMThttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorhttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorFri, 23 Jul 2010 01:46:00 GMT
Thanks for the feedback. Maybe the executable really does require administrative privileges to run? So when you force it to start as a standard user it fails to launch or hangs. You might try using Process Monitor from the Sysinternals tool set to investigate the problem further.]]>SmithFri, 23 Jul 2010 01:46:00 GMThttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorhttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorSat, 03 Jul 2010 11:12:43 GMT
Great Article Russ, we are trying to edit an executible to not pop up the UAC prompt as part of is running in login script. I tried using the heaven tools to edit the manifest and change the Sat, 03 Jul 2010 11:12:43 GMThttp://www.windowsitpro.com/article/security/solving-user-account-problems#commentsAnchorhttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorThu, 01 Jul 2010 12:35:32 GMT
Russell, thanks for this article. In addition to built-in administrator accounts and service accounts, many regulatory standards now require you to secure the privileged credentials used by your applications to access databases, middleware, and other application tiers. Applications can store these credentials in encrypted format (good), in plain text files (not good), or compiled into the code (scary bad). For more on securing these credentials visit the Identity Week blog (http://www.IdentityWeek.com/safeguarding-application-credentials/).]]>Paul D.Thu, 01 Jul 2010 12:35:32 GMThttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorhttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorMon, 28 Jun 2010 09:59:55 GMT
The hyperlinks to the figures are now working. We apologize for the oversight.

--Amy Eisenberg, Executive Editor]]>Amy EisenbergMon, 28 Jun 2010 09:59:55 GMThttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorhttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorThu, 10 Jun 2010 11:26:23 GMT
Sorry but there are no figures to see. can You please include this files in the article?]]>HuttenloherThu, 10 Jun 2010 11:26:23 GMThttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorhttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorTue, 01 Jun 2010 14:08:38 GMT
You should also consider using a more robust privilege management system such as the one from Viewfinity. BeyondTrust has quite a few gotchas: http://www.viewfinity.com/Products/PrivilegeManagement/Default.aspx]]>Rod TrentTue, 01 Jun 2010 14:08:38 GMThttp://www.windowsitpro.com/article/security/managing-privileged-access-to-servers#commentsAnchorhttp://www.windowsitpro.com/article/encrypting-file-system-efs/simplify-efs-deployment-#commentsAnchorTue, 22 Dec 2009 05:26:45 GMT
Bitlocker is for full volume encryption in Vista, Windows 7 (Enterprise and Ultimate), Windows Server 2008 and R2. Windows 7 Bitlocker also supports removable drives. All files appear as decrypted to all users once the OS has loaded. EFS encrypts data files once the operating system has loaded and is additionally available in Windows 2000 and XP Professional. Users can individually choose to encrypt non-OS files. If a second user gets physical access to the hard disk, they can’t access files encrypted on the disk by other users. If the files were protected only by NTFS Access Control Lists (ACLs), i.e. no EFS, it’s easy to change ACLs if you have physical access to the disk. See Microsoft’s own comparison of Bitlocker and EFS for more detailed information: http://windows.microsoft.com/en-us/windows7/Whats-the-difference-between-BitLocker-Drive-Encryption-and-Encryp ting-File-System Bitlocker and EFS can be used together.]]>RussellTue, 22 Dec 2009 05:26:45 GMThttp://www.windowsitpro.com/article/encrypting-file-system-efs/simplify-efs-deployment-#commentsAnchorhttp://www.windowsitpro.com/article/encrypting-file-system-efs/simplify-efs-deployment-#commentsAnchorMon, 21 Dec 2009 03:09:25 GMT
I want to know more about de difference between EFS and Bitloccker]]>KarimMon, 21 Dec 2009 03:09:25 GMThttp://www.windowsitpro.com/article/encrypting-file-system-efs/simplify-efs-deployment-#commentsAnchorhttp://www.windowsitpro.com/article/security/acl-enhancements-in-windows-vista-and-windows-server-2008#commentsAnchorThu, 10 Dec 2009 14:53:41 GMT
In response to Dan Holme’s comment, the author says, "Setting DENY:WRITE_DAC prevents the owner from changing the ACL but unlike ALLOW:MODIFY, ensures that if a user is removed from a group as described in the article, they no longer have read/write access to files/folders they created. This might be important if a user has created shortcuts to files/folders they own. However, as Dan points out, the Owner Rights SID is intended to be used with ALLOW:MODIFY permission to mask the owner’s ability to modify ACLs, and this should have been pointed out in the article."]]>LAVONThu, 10 Dec 2009 14:53:41 GMThttp://www.windowsitpro.com/article/security/acl-enhancements-in-windows-vista-and-windows-server-2008#commentsAnchorhttp://www.windowsitpro.com/article/security/acl-enhancements-in-windows-vista-and-windows-server-2008#commentsAnchorThu, 10 Dec 2009 14:53:11 GMT
According to Dan Holme, "OWNER RIGHTS should be given ALLOW:MODIFY permission, rather than DENY:WRITE DAC. This achieves the same goal (preventing the owner from changing the ACL) without the bad side effects."]]>LAVONThu, 10 Dec 2009 14:53:11 GMThttp://www.windowsitpro.com/article/security/acl-enhancements-in-windows-vista-and-windows-server-2008#commentsAnchorhttp://www.windowsitpro.com/article/security/acl-enhancements-in-windows-vista-and-windows-server-2008#commentsAnchorThu, 10 Dec 2009 14:52:06 GMT
According to Dan Holme, "OWNER RIGHTS should be given ALLOW:MODIFY permission, rather than DENY:WRITE DAC. This achieves the same goal (preventing the owner from changing the ACL) without the bad side effects."]]>LAVONThu, 10 Dec 2009 14:52:06 GMThttp://www.windowsitpro.com/article/security/acl-enhancements-in-windows-vista-and-windows-server-2008#commentsAnchorhttp://www.windowsitpro.com/article/group-policy/safely-deploy-security-templates#commentsAnchorThu, 10 Dec 2009 14:36:51 GMT
The link to download the Windows Server 2003 Security Guide is now fixed; thanks for the feedback!]]>LAVONThu, 10 Dec 2009 14:36:51 GMThttp://www.windowsitpro.com/article/group-policy/safely-deploy-security-templates#commentsAnchorhttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorFri, 23 Oct 2009 03:49:53 GMT
The .NET Framework is required for many administration tools, not just ACT. MSDE - or SQL Express for newer versions of ACT - is not required to run Compatibility Administrator, the tool described in this article. Whether sysadmins have time to develop and deploy application compatibility fixes using ACT very much depends on company culture. While I agree that an on-the-fly solution built in to Windows would be nice, it is possible to buy 3rd-party applications, such as Beyond Trust’s Privilege Manager, that provide such functionality.]]>RussellFri, 23 Oct 2009 03:49:53 GMThttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorhttp://www.windowsitpro.com/article/group-policy/safely-deploy-security-templates#commentsAnchorWed, 16 Sep 2009 17:28:56 GMT
Link to download the Security Guide is dead.]]>EdWed, 16 Sep 2009 17:28:56 GMThttp://www.windowsitpro.com/article/group-policy/safely-deploy-security-templates#commentsAnchorhttp://www.windowsitpro.com/article/encryption2/use-ipsec-to-encrypt-data#commentsAnchorMon, 15 Jun 2009 15:31:19 GMT
still readin ghe article]]>kennethMon, 15 Jun 2009 15:31:19 GMThttp://www.windowsitpro.com/article/encryption2/use-ipsec-to-encrypt-data#commentsAnchorhttp://www.windowsitpro.com/article/virtualization/app-v-security#commentsAnchorThu, 04 Jun 2009 07:26:27 GMT
This article was obviously written nearly a year ago. The article mentions the "imminent release" of a version of software that has been released for about 9 months.]]>JordanThu, 04 Jun 2009 07:26:27 GMThttp://www.windowsitpro.com/article/virtualization/app-v-security#commentsAnchorhttp://www.windowsitpro.com/article/internet/configuring-ssl-vpns-for-secure-public-terminal-connections#commentsAnchorThu, 05 Mar 2009 13:04:34 GMT
Thanks for your comment and helpful feedback. You might want to check out the article, “Secure Connectivity on the Road,” http://windowsitpro.com/article/articleid/94902/secure-connectivity-on-the-road.html, which describes how to set up an open-source VPN that works on Server 2003 and XP and other pre-Vista/Server 2008 OSs. You might also check the articles listed under the VPN topic on Windowsitpro.com, at http://windowsitpro.com/Topics/index.cfm?action=ArticleList&ChildTopicID=1274. (Or click Topics in the top menu, then expand the Security topic and click Virtual Private Network (VPN).)]]>AnneThu, 05 Mar 2009 13:04:34 GMThttp://www.windowsitpro.com/article/internet/configuring-ssl-vpns-for-secure-public-terminal-connections#commentsAnchorhttp://www.windowsitpro.com/article/internet/configuring-ssl-vpns-for-secure-public-terminal-connections#commentsAnchorThu, 05 Mar 2009 10:33:15 GMT
The article describes Server 2008 and Vista because the capability is native. A description of whether this is possible and how to do it with 2003 and XP would be helpful.]]>DougThu, 05 Mar 2009 10:33:15 GMThttp://www.windowsitpro.com/article/internet/configuring-ssl-vpns-for-secure-public-terminal-connections#commentsAnchorhttp://www.windowsitpro.com/article/internet/configuring-ssl-vpns-for-secure-public-terminal-connections#commentsAnchorMon, 25 Aug 2008 03:27:17 GMT
as;jfksadjfklsdjfkjsdkfa]]>chmq07 Mon, 25 Aug 2008 03:27:17 GMThttp://www.windowsitpro.com/article/internet/configuring-ssl-vpns-for-secure-public-terminal-connections#commentsAnchorhttp://www.windowsitpro.com/article/desktop-management/introduction-to-software-restriction-policies#commentsAnchorThu, 12 Jun 2008 02:15:15 GMT
i cant see the article and i need to restrict some some software installation on some user’s ou very urgently.]]>rahmanThu, 12 Jun 2008 02:15:15 GMThttp://www.windowsitpro.com/article/desktop-management/introduction-to-software-restriction-policies#commentsAnchorhttp://www.windowsitpro.com/article/desktop-management/introduction-to-software-restriction-policies#commentsAnchorThu, 05 Jun 2008 15:43:15 GMT
Document is very interesting to me. Thank you.]]>MoteThu, 05 Jun 2008 15:43:15 GMThttp://www.windowsitpro.com/article/desktop-management/introduction-to-software-restriction-policies#commentsAnchorhttp://www.windowsitpro.com/article/internet/secure-your-desktops-using-srps-hidden-security-levels#commentsAnchorThu, 05 Jun 2008 10:34:25 GMT
All fixed now! Enjoy!!]]>LAVONThu, 05 Jun 2008 10:34:25 GMThttp://www.windowsitpro.com/article/internet/secure-your-desktops-using-srps-hidden-security-levels#commentsAnchorhttp://www.windowsitpro.com/article/internet/secure-your-desktops-using-srps-hidden-security-levels#commentsAnchorThu, 05 Jun 2008 09:16:12 GMT
Thanks, we’re working on it. (As well as on the Figure links.)]]>LAVONThu, 05 Jun 2008 09:16:12 GMThttp://www.windowsitpro.com/article/internet/secure-your-desktops-using-srps-hidden-security-levels#commentsAnchorhttp://www.windowsitpro.com/article/internet/secure-your-desktops-using-srps-hidden-security-levels#commentsAnchorThu, 05 Jun 2008 08:59:21 GMT
When clicking the Download Code Here button above, a Page Not Found Message is displayed: http://www.securityprovip.com/Files/51/98964/98964.zip]]>VinceThu, 05 Jun 2008 08:59:21 GMThttp://www.windowsitpro.com/article/internet/secure-your-desktops-using-srps-hidden-security-levels#commentsAnchorhttp://www.windowsitpro.com/article/encryption2/securing-rdp-#commentsAnchorWed, 30 Apr 2008 06:22:48 GMT
none]]>nnekaWed, 30 Apr 2008 06:22:48 GMThttp://www.windowsitpro.com/article/encryption2/securing-rdp-#commentsAnchorhttp://www.windowsitpro.com/article/encryption2/office-2007-s-security-features-in-a-legacy-office-environment#commentsAnchorSun, 17 Feb 2008 10:14:30 GMT
Thank you for explainiing MOICE from a functional level.]]>TERRYSun, 17 Feb 2008 10:14:30 GMThttp://www.windowsitpro.com/article/encryption2/office-2007-s-security-features-in-a-legacy-office-environment#commentsAnchorhttp://www.windowsitpro.com/article/encryption2/office-2007-s-security-features-in-a-legacy-office-environment#commentsAnchorFri, 15 Feb 2008 14:44:31 GMT
Testing Security Pro VIP comments]]>ChristanFri, 15 Feb 2008 14:44:31 GMThttp://www.windowsitpro.com/article/encryption2/office-2007-s-security-features-in-a-legacy-office-environment#commentsAnchorhttp://www.windowsitpro.com/article/administration-tools2/advanced-group-policy-management-extends-group-policy-management-console#commentsAnchorFri, 14 Dec 2007 06:19:33 GMT
GOOD]]>raviFri, 14 Dec 2007 06:19:33 GMThttp://www.windowsitpro.com/article/administration-tools2/advanced-group-policy-management-extends-group-policy-management-console#commentsAnchorhttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorMon, 15 Jan 2007 01:06:07 GMT
Please note that since originally writing this article, Winternal’s ’Protection Manager’ product is no longer available. Russell Smith]]>RussellMon, 15 Jan 2007 01:06:07 GMThttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorhttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorWed, 27 Dec 2006 17:58:44 GMT
"log on to Windows as an administrator and install ACT": Such a simple-sounding instruction. There’s no hint that it requires: - finding, downloading, installing, and updating the Microsoft .NET Framework 1.1; - finding, downloading and installing the security-hole-ridden MSDE 2000; - figuring out a way to upgrade MSDE 2000 to Service Pack 4, in an attempt to secure it. Most of you will find that "log on to Windows as an administrator and install ACT" will require several hundred megabytes of hard disk space and several hours of your time. Is it worth that to find a compatibility solution for one application? I can hear some of you now: "You can do this once on your desktop PC, you don’t have to do it for every application you test". Ah, but that’s only if you test applications on your desktop PC. I don’t, and I doubt you do either. I test on separate test machines or in virtual machines (VMs), that are reinitialized after every test. So, yes, I do have to do this massive setup for every application I test. Because of this huge overhead, ACT 4.1, and the forthcoming 5.0, are not useful to most of us. (The new 5.0 version has one advantage: it will use SQL Server Express 2005 instead of MSDE.) I hope Microsoft will rethink this approach, and give us a toolset we can use on the fly. After all, it’s "on the fly" that most of us are asked to solve compatibility problems.]]>SandeWed, 27 Dec 2006 17:58:44 GMThttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorhttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorWed, 27 Dec 2006 17:57:01 GMT
"log on to Windows as an administrator and install ACT": Such a simple-sounding instruction. There’s no hint that it requires: - finding, downloading, installing, and updating the Microsoft .NET Framework 1.1; - finding, downloading and installing the security-hole-ridden MSDE 2000; - figuring out a way to upgrade MSDE 2000 to Service Pack 4, in an attempt to secure it. Most of you will find that "log on to Windows as an administrator and install ACT" will require several hundred megabytes of hard disk space and several hours of your time. Is it worth that to find a compatibility solution for one application? I can hear some of you now: "You can do this once on your desktop PC, you don’t have to do it for every application you test". Ah, but that’s only if you test applications on your desktop PC. I don’t, and I doubt you do either. I test on separate test machines or in virtual machines (VMs), that are reinitialized after every test. So, yes, I do have to do this massive setup for every application I test. Because of this huge overhead, ACT 4.1, and the forthcoming 5.0, are not useful to most of us. (The new 5.0 version has one advantage: it will use SQL Server Express 2005 instead of MSDE.) I hope Microsoft will rethink this approach, and give us a toolset we can use on the fly. After all, it’s "on the fly" that most of us are asked to solve compatibility problems.]]>SandeWed, 27 Dec 2006 17:57:01 GMThttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorhttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchorWed, 27 Dec 2006 17:56:34 GMT
"log on to Windows as an administrator and install ACT": Such a simple-sounding instruction. There’s no hint that it requires: - finding, downloading, installing, and updating the Microsoft .NET Framework 1.1; - finding, downloading and installing the security-hole-ridden MSDE 2000; - figuring out a way to upgrade MSDE 2000 to Service Pack 4, in an attempt to secure it. Most of you will find that "log on to Windows as an administrator and install ACT" will require several hundred megabytes of hard disk space and several hours of your time. Is it worth that to find a compatibility solution for one application? I can hear some of you now: "You can do this once on your desktop PC, you don’t have to do it for every application you test". Ah, but that’s only if you test applications on your desktop PC. I don’t, and I doubt you do either. I test on separate test machines or in virtual machines (VMs), that are reinitialized after every test. So, yes, I do have to do this massive setup for every application I test. Because of this huge overhead, ACT 4.1, and the forthcoming 5.0, are not useful to most of us. (The new 5.0 version has one advantage: it will use SQL Server Express 2005 instead of MSDE.) I hope Microsoft will rethink this approach, and give us a toolset we can use on the fly. After all, it’s "on the fly" that most of us are asked to solve compatibility problems.]]>SandeWed, 27 Dec 2006 17:56:34 GMThttp://www.windowsitpro.com/article/permissions/running-legacy-applications-as-a-least-privileged-user-#commentsAnchor