Bo Simonsen skrev:
>> Lars kj wrote:
>> I winnt(og 2000) kan man godt afvikle programmer under andre brugere
>> samtidig med at man er logget på som en anden bruger.
> Bliver det ikke lidt svært på en windows maskine?
Nej:
<URL:
http://www.microsoft.com/mspress/books/sampchap/1549.asp >
"This chapter discusses some of the tools that can help in the daily
business of network management.
Using the Secondary Logon
Recommended administrative practice dictates that an administrator be
logged on to a privileged account (one with administrative rights) only
while doing chores that require privileges. For ordinary work, the
administrator is supposed to log off from the privileged account and
then log on again to an ordinary account. Of course, it's not unusual
that ten minutes later a situation arises requiring use of the
privileged account. So then it's necessary to log off from the ordinary
account and log back on to the administrator account, with the process
reversed again a few minutes later.
After a few days of this, even the most security-conscious person
begins to toy with the idea of logging on to the administrator account
and staying there. And in time, most administrators succumb to the
temptation and stay in the privileged account most of the time.
This practice makes Microsoft Windows NT systems highly susceptible to
"Trojan horse" attacks. Just running Microsoft Internet Explorer and
accessing a nontrusted Web site can be very risky if done from an
administrator account. A Web page with Trojan code can be downloaded to
the system and executed. The execution, done in the context of
administrative privileges, will be able to do considerable mischief,
including such things as reformatting a hard disk, deleting all files,
or creating a new user with administrative access. When you think about
it, it's like handing the keys to your network to a complete (and
malicious) stranger.
This problem is finally addressed in Windows 2000 with the RunAs
service. This service enables you to work in a normal, nonprivileged
account and still access administrative functions without logging off
and then logging back on again. To set up the RunAs service, follow
these steps:
While logged on with administrative rights, choose RunAs Services from
the Administrative Tools menu.
In the list of services, double-click RunAs Service.
Ensure that Startup Type is set to Automatic and that Current Status is
set to Started. (If it isn't, click the Start button.) Click OK to
close the dialog box.
After performing these steps, create an ordinary user account for your
own use (if you don't have one already). Make sure that the user
account has the right to log on locally at the machine you want to
use."
--
Fix Outlook Express 5.*:
<URL:
http://home.in.tum.de/~jain/software/quotefix.php >