Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Client workstations and Administrative access

Posted on 2013-11-14
2
393 Views
Last Modified: 2013-11-19
Hello,
We have a network with Windows XP and Windows 7 client workstations and a Windows 2008R2 domain controller.

- Users need to be able to install applications and updates.
- Several users have roaming profiles.
- Workstations need to be usable by multiple users

Based on the above needs, we've had to give multiple users local Administrative access.  This allows functionality, but opens us up to security issues.  Users can use UNC to connect and browse file resources on different workstations.

Has anyone had to deal with this issue?  Any thought or recommendations on how to get a balance of functionality and security?

Thanks in advance.

Regards,
Real-Timer
0
Comment
Question by:realtimer
2 Comments
 
LVL 54

Accepted Solution

by:
McKnife earned 250 total points
ID: 39650003
Hi.

"Has anyone had to deal with this issue?" Anyone? Half of the world has...
One cannot answer your questions without further details.
-Why do users do installation and updating? That should be done by software deployment solutions or GPOs/WSUS.
-What have roaming profiles to do with it?
-What has sharing of workstations to do with it?
-"Users can use UNC to connect and browse file resources on different workstations" - yes...why? A local admin on station A may not access station B. How did you set that up?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 39653404
Why are users in charge of their machines? Not enough staff to administer the IT portion, not workflow setup to manage install requests? Users shouldn't have Admin rights, our users don't, and we don't run AV on the local workstations. We are the exception, no one is as locked down as we are, but our users request applications all the time, sometimes they get the request, most times they don't.
I need to write a new article about it, I'll post it soon.
-rich
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

An article on effective troubleshooting
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question