newguy said:
The place where I work does not have any type of policy for admin rights. My
question is this. Should users have local admin rights? I personally think it
is really a bad idea.
Agreed. It's generally a very bad idea to let the average PC user
operate with local administrative privileges.
Routinely using a computer with administrative privileges is not
without some risk. The computer (and LAN, by logical extension) will be
much more susceptible to so many types of malware, particularly adware
and spyware. While using a computer with limited privileges isn't the
cure-all, silver bullet that some claim it to be, any experienced IT
professional will verify that doing so definitely reduces the amount of
damage and depth of penetration by the malware. If a computer gets
infected/infested while the user is running as an administrator, the
odds are much greater that the malware will be extremely difficult, if
not impossible, to remove without formatting the hard drive and starting
anew. The intruding malware will have the same privileges to all of the
files on the hard drive that the user does.
Another consideration in an organizational environment is that users
with administrative privileges are able to install any software they
want. This would include bandwidth-wasting peer-to-peer, file sharing
programs, which open the PC up for malware, and make the organization
financially (and potentially criminally) liable for any copyright
infringement.
If anyone out there agrees with me let me know and point me to any
documentation that will back up our point. If you don't agree please explain
why users should have local admin rights.
I'm sure that there are plenty of White Papers explaining network
security best practices, but -- at least for me -- this would be like
documenting why it's a bad idea to step in front of an on-coming train.
--
Bruce Chambers
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH