Well using the user ID bit is set (s) for several executables, which allows normal users to do things like ping and mount etc....
I assume it's reset those bits because you have your security set to high. If you feel it is safe for normal user to be allowed to ping and mount things then you can set the user ID bit on those executables again. Ex: chmod u+s /bin/ping
I have the user ID bit set on the following files in /bin:
-rwsr-xr-x 1 root audio 84001 Sep 20 2001 eject
-rwsr-xr-x 1 root root 68804 Sep 21 2001 mount
-rwsr-xr-x 1 root root 29680 Sep 20 2001 ping
-rwsr-xr-x 1 root root 17396 Sep 20 2001 ping6
-rwsr-xr-x 1 root root 31253 Sep 20 2001 su
-rwsr-xr-x 1 root root 35868 Sep 21 2001 umount
If you only want specific users to be able to use those executables then you will have to setup something with sudo.