Solved

all users being in the local admins group

Posted on 2004-03-23
6
163 Views
Last Modified: 2010-04-13
Hi all,

Just looking to get some opinions on normal users being local admins on their pc's. we have a development center with 500 people and most of them are local admins because they need to install software etc.. what do you think is good practice for something like this? everyone powerusers?

many thanks

tdvit

0
Comment
Question by:tdvit
6 Comments
 
LVL 15

Assisted Solution

by:Rob Stone
Rob Stone earned 60 total points
ID: 10656286
If its possible it would be better to have everyone as Power Users, although some apps require admin rights to install.  You could use an GPO to publish software to specific users? That way you will know whats being installed and when without them being admin users.

If you want to change the admin groups on all the PC's you can use NetDom.exe.
0
 
LVL 21

Expert Comment

by:jvuz
ID: 10656676
I don't like to give admin rights to the users, because you never know what they gonna  install. I know not everyone will abuse those rights, but there are too many people who abuse that right.
0
 

Author Comment

by:tdvit
ID: 10656695
i hear you jvuz but what can you do if you have to facilitate users.  if power users doesnt do it, whats the alternative.  We as IT people have to bite the bullet and just give it to them.  from everything that I am reading there doesnt seem to be a workable alternative.
0
[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

 
LVL 15

Assisted Solution

by:Rob Stone
Rob Stone earned 60 total points
ID: 10656724
What about creating a install account thats in the local admins and then tell them to use the RunAs option to install apps that need admin rights.

You can also audit logon's for a week or so to see who is logging on to their PC's with that user and you can then tell them not to do so.

That or get a procedure where you remote control their PC and put in the user name/password yourself when they need to install the software, but they would need to inform you when they need software installing.

In the long run, its better to have managed systems by the IT dept so you know whats being installed, then if things go wrong you have a better idea of fixing it.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 40 total points
ID: 10657453
I assign local admin rights usually. To me only have local administrator rights doesnt pose any threat in my eyes. A lot of it depends on the environment of course. A development company I would do it where I know the computer liiteracy would be high enough to avoid any stupidty (deleted a key folder etc) but would restrict admin right from those who do not need it (accountants, admin staff etc). Other environments I would block it completely and leave it at just regular users (like in a Realtor company with public use computers)

0
 
LVL 21

Expert Comment

by:jvuz
ID: 10657683
If the users hafe admin rights, they can install everything, also software where you need a license for. If its freeware, I don't think it's a problem.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
P2V Windows NT/2000 SP4 3 1,820
Hyper V Virtual Machine not showing on Local Network 3 627
Windows Explorer and WinZXip 4 503
windows 2000 - Enable wifi 7 132
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now