Local Administrator Account & Corporate Network

L

ltspock

We currently have all our users as local administrators. A couple of years ago
we attempted to restrict our desktops, but fail short due to particular
applications requiring local permissions while the user themselves were logged
in.

We continue to fall flat when applications we do not want installed, example:
Google Toolbars, google earth, and Google search (most recent events).

The problem is that there are several web-based applications that are used
throughout our office that require installing plug-ins, Palm devices that
require administrator permissions to install, and other situations where the
past attempt failed.

The Run As does not always seem to be a valid option. Programs like the palm
will write several entries under HKCU, so logging into the workstation as admin
is not an option.

I have made several forum posts where people have question why we are using
Administrator permissions on our workstation. Am I missing something here?

Thanks,
 
S

Shenan Stanley

jeffh said:
We currently have all our users as local administrators. A couple
of years ago we attempted to restrict our desktops, but fail short
due to particular applications requiring local permissions while
the user themselves were logged in.

We continue to fall flat when applications we do not want
installed, example: Google Toolbars, google earth, and Google
search (most recent events).

The problem is that there are several web-based applications that
are used throughout our office that require installing plug-ins,
Palm devices that require administrator permissions to install, and
other situations where the past attempt failed.

The Run As does not always seem to be a valid option. Programs like
the palm will write several entries under HKCU, so logging into the
workstation as admin is not an option.

I have made several forum posts where people have question why we
are using Administrator permissions on our workstation. Am I
missing something here?
Click to expand...

Very few applications (if any) truly need full administrative rights to
*run*.

Sure - they may need write permission to a select directory or three.. They
may even need certain special rights to some registry keys/values. But very
few are still so badly designed that they will not run or configure under a
regular user account after they are installed.

If you are saying you are having trouble because those in your office need
to install things frequently - that is a whole different story. That is
handled by policies - political policies. This means the management of the
company in question has to allow the IT department some ability to restrict
what may be on the machine for stability and security reasons - otherwise
there is no real point in the department other than fixing the problems
caused by habving all these users setup as admins so they can install/do
whatever they like.

The google products do not need to have admin rights to run.
Palm devices may require admin rights to install - but not to run.

And I wouldn't want my users installing random devices on the system
anyway - and especially not random software. After all - these are work
machines - if they are always crashing because the user decided Bit Torrent
sounded cool and tried it - then productivity has decreased by at least that
worker. Not to mention the implication of having all admins with
viruses/trojans floatingg around as well as just the amount of spyware that
is better controller with user rights.

You need to discuss this with management of whatever company you work for -
tell them that in order to have better productivity with the equipment you
have - there will have to be some boundaries. You can step over those
boundaries as you see fit - but I would not make it habit.
 
F

Frank

jeffh said:
We currently have all our users as local administrators. A couple of
years ago we attempted to restrict our desktops, but fail short due
to particular applications requiring local permissions while the user
themselves were logged in.

We continue to fall flat when applications we do not want installed,
example: Google Toolbars, google earth, and Google search (most
recent events).

The problem is that there are several web-based applications that are
used throughout our office that require installing plug-ins, Palm
devices that require administrator permissions to install, and other
situations where the past attempt failed.

The Run As does not always seem to be a valid option. Programs like
the palm will write several entries under HKCU, so logging into the
workstation as admin is not an option.

I have made several forum posts where people have question why we are
using Administrator permissions on our workstation. Am I missing
something here?

Thanks,
Click to expand...

I have heard of this type of problem with businesses using XPHome but
not XPPro. There are nine different levels of user permissions along
with
many group policies. An IT is just asking for problems if an employee
is
able to do anything more than their job.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Non-administrator users need to register dll and ocx files 1
Group Policy Question 2
Win XP non-Admin problems 1
Installing apps as administrator 2
can't map with local administrator account! 1
Group Policy to administrator local rights 1
Adding local user to local administrator group 1
Questions and Advice Required, about ADS, GPO's and Unattended Updates WITH administrator privilege 6

Top