Help and Support

A member of the Power Users group may be able to gain administrator rights and permissions in Windows Server 2003, Windows 2000, or Windows XP

View products that this article applies to.
Article ID:825069
Last Review:February 5, 2007
Revision:3.3

SYMPTOMS

A member of the Power Users group may be able to gain additional rights and permissions on your computer, and may be able to gain complete administrative credentials. A member of the Power Users group may also be able to expose your computer to other security risks, such as running a virus or running a Trojan horse program.

Back to the top

CAUSE

By default, the rights and permissions that are granted to the Power Users group include those rights and permissions that are required to allow members of the Power Users group to modify computer-wide settings, to install drivers, and to run (or install) non-certified programs. For example, a member of the Power Users group could install a malicious program or a DLL, and then cause the administrator or a system service to run the malicious program or the DLL. By using this technique or other techniques, the member of the Power Users group may be able to gain additional rights and permissions on your computer, including complete administrative credentials.

Back to the top

RESOLUTION

To help prevent this problem, use these methods:
Do not use the Power Users group.
Deploy certified Microsoft Windows 2000 or Microsoft Windows Server 2003 programs in your enterprise. Programs that are certified for Windows 2000 or Windows Server 2003 are written to avoid requiring unnecessary access or administrator-level credentials.

Back to the top

MORE INFORMATION

The Power Users group is a built-in local group that primarily provides backward compatibility for running non-certified (or "legacy") programs. However, members of the Power Users group can also change COM object registrations, change file associations, change Start menu shortcuts, and install drivers for hardware devices. For additional information about the default rights and permissions that are granted to members of the Power Users group, visit the following Microsoft Web sites.
Privileges

http://technet2.microsoft.com/windowsserver/en/library/fa01a57a-a0ef-4cb9-af9a-f30182a25bf71033.mspx (http://technet2.microsoft.com/windowsserver/en/library/fa01a57a-a0ef-4cb9-af9a-f30182a25bf71033.mspx)

Logon rights

http://technet2.microsoft.com/windowsserver/en/library/244d92f3-7466-47ec-aee0-9723fc75c7961033.mspx (http://technet2.microsoft.com/windowsserver/en/library/244d92f3-7466-47ec-aee0-9723fc75c7961033.mspx)
For additional information about the Microsoft Certified for Windows program, visit the following Microsoft Web site:
http://www.microsoft.com/windowsserver2003/partners/isvs/cfw.mspx (http://www.microsoft.com/windowsserver2003/partners/isvs/cfw.mspx)

Back to the top

APPLIES TO
Microsoft Windows Server 2003, 64-Bit Datacenter Edition
Microsoft Windows Server 2003, Enterprise x64 Edition
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows XP Professional
Microsoft Windows XP Tablet PC Edition
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional Edition
Microsoft Windows 2000 Server

Back to the top

Keywords: 
kbprb KB825069

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.