The Power with Power Users

by Chris Sanders [Published on 12 April 2007 / Last Updated on 12 April 2007]

The power users group is often misused and can lead to the compromise of a system. Here is why this can happen.

The power users group is often used without knowledge of how much actual power it gives a user. With Power User privileges a person can modify certain computer-wide settings, create user accounts, install device drivers (signed or unsigned), and install uncertified programs.

These privileges are more than enough for a member of this group to be able to install a malicious file onto the system so that an administrator of the machine could execute it and completely compromise the system.

This being the case, unless you have a specific reason for a group of users to be members of the power users group then they should probably be in the users group. If you must have them in the power users group then a good idea is to use group policy to further enhance the security of those machines being accessed.

***

Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.

Featured Links