Administrative Privileges
Does anyone know of any tool that is able to analyze applications during execution and report if the application really requires administrative rights. My environment here is such that over 1K pcs have been discovered to have business users with administrative rights.
0 Comments
[ + ] Show comments
Answers (4)
Please log in to answer
Posted by:
Chipster
16 years ago
Process Monitor: http://www.microsoft.com/technet/sysinternals/SystemInformation/processmonitor.mspx
one of hte best tools out there for this.
It will morning all activity registry and file etc and wil catch those read/write executions.
the best method to do this will be to log on as a standard user, perform a runas on process monitor as an administrator (it requires admin rights to run). Then you run your application as the standard user and when you get error messages from the app, you look at the log to see what the item in question was.
one of hte best tools out there for this.
It will morning all activity registry and file etc and wil catch those read/write executions.
the best method to do this will be to log on as a standard user, perform a runas on process monitor as an administrator (it requires admin rights to run). Then you run your application as the standard user and when you get error messages from the app, you look at the log to see what the item in question was.
Posted by:
oofemioo
16 years ago
Thanks for all your replies. I think I am a bit ambitious with the product I require and probably ambiguous with my request.
I am not looking for a FileMon, RegMon, ProcMon- type application. I want something which is able to run an agent on all systems in the enterprise and report back on applications which require administrative privileges in order to execute. Procmon could then be used to track which parts of the system the application requires RW etc access to.
Thanks for all your responses. Please keep them coming.
I am not looking for a FileMon, RegMon, ProcMon- type application. I want something which is able to run an agent on all systems in the enterprise and report back on applications which require administrative privileges in order to execute. Procmon could then be used to track which parts of the system the application requires RW etc access to.
Thanks for all your responses. Please keep them coming.
Posted by:
Drye
16 years ago
Sounds like you should just setup a test machine with all of the corporate software on it and monitor it. I think it would be much easier than what I think you're asking. Procmon will tell you the app that's getting access denied. It should give you what you're looking for.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.