Since a member of the Power Users group can install and run non-certified programs, they can run a malicious program or DLL to gain administrative privileges.

The only ways to prevent this are:

- DO NOT configure any user as a member of the Power Users group.

- Only deploy certified Windows 2000 or Windows Server 2003 programs, as these DO NOT require unnecessary privileges.
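
One way to verify the first recommendation on a given machine, as an added example that is not part of the original page: a PowerShell check that lists whoever is in the local Power Users group. It assumes PowerShell 2.0 or later is available on the host; the function name `Get-PowerUsersMember` is hypothetical, and the group is found by its well-known SID S-1-5-32-547.

```powershell
# Added example: list the members of the built-in Power Users group.
function Get-PowerUsersMember {   # hypothetical helper name
    # Locate the group by its well-known SID so renamed or localized names are found.
    $sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-547'
    try {
        # Translate() yields e.g. "BUILTIN\Power Users".
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # The SID does not map to a group on this machine.
        return @()
    }
    # Keep only the group name after the backslash.
    $groupName = $account.Split('\')[-1]

    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
    # Each member is a COM object; read its ADsPath (WinNT://DOMAIN/name) by reflection.
    @($group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    })
}

$members = @(Get-PowerUsersMember)
if ($members.Count -eq 0) {
    Write-Output 'OK: Power Users has no members.'
} else {
    Write-Output "FINDING: Power Users has $($members.Count) member(s):"
    $members | ForEach-Object { Write-Output "  $_" }
}
```

Any account or group reported as a finding should be removed from Power Users, in line with the first recommendation above.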

See the following pages:

- Logon rights.

- The Microsoft Certified for Windows program.