We are beginning a rollout of Windows XP SP2 and wanted to get some feedback on what type of NTFS directory permissions other firms have implemented on their Local Drives. Users will NOT be in the Local Admin group.
The main goal with the rollout is to address spyware/malware issues. In a perfect world we could give users Read & Execute access on entire C: but obviously that would cause issues with application file/folder dependence on writing to TEMP, WINDOWS, etc. directories.
Any thoughts would be much appreciated.