i need to secure alot of holes in my network.. i would like to take away the admin privileges of everyone that has a laptop.. but im afraid that if they were on the road they would not be able to logon to the machines..
we have an AD infrastructure...
i am a bit unclear with the credential caching feature... does this let the user login 0-10 times before it will lock them out completely? what if they are local admin? what if they are not? regardless they have to be in the office sometime soon.. we also have satellite offices with no DC's.. how would the authentication work to those machines?
basically i want to lock down all the machines as best as possible.. prevent unauthorized software installations... this is not a problem for machines that stay in the office.. but concerns me about remote users..
im going to set it at
10 logons cached
password age would be 42 days through GP.
maybe i should just lock down the machines through GP then put them as local admin?
whats the benefits if any to having a user as a local admin
sorry if it sounds like im rambling .. my head is spinning =]