Application Impact Management is a fancy name for the virtual sandbox that Microsoft is creating for applications that attempt to use resources that the limited user account (LUA) doesn't have permissions to use.
While some of the advertised features of Longhorn have fallen off of the table, enhanced LUA capability remains. The specifics of this capability are beginning to appear. One change is the deprecation of the Power Users group.
This group effectively gives the user administrator rights, and has therefore been deprecated in order to simplify the security model. This is a good thing, as Power Users is nothing more than a false sense of security. There are now only least privilege (LUA) and administrator accounts. These apply to both services and interactive accounts.
Way too many administrators. This is clear. This is made clear through the interpretation of some of the compliance regulations such as SarBox and HIPAA and others. This is clear from our internal security audits. It seems that every time someone asks how many domain administrators there are in a given enterprise the answer is much smaller than the reality. When we talk about local administrator rights, the numbers are staggering.
John Savill's Microsoft Stack Master Class
Join John Savill for the ALL NEW Microsoft Stack Master Class!
Thursdays, October 8th to December 17th
11am, 1pm, and 3pm Eastern Time
John will cover topics including:
* Deploying, Managing, and Maintaining Windows * Key Features of Active Directory from Windows 2000 to Windows Server 2012 R2 PLUS Windows Server 2016 * Windows Server 2012 and 2012 R2 Hyper-V and Complementary Features * Key elements of Microsoft System Center 2012 and System Center 2012 R2 and major changes in the 2016 wave * Deploying, Migrating to, and Managing Hyper-V in Your Organization * Implementing a Private Cloud * Using PowerShell to Automate Common tasks * And much more!