Solved

Client workstations and Administrative access

Posted on 2013-11-14
2
388 Views
Last Modified: 2013-11-19
Hello,
We have a network with Windows XP and Windows 7 client workstations and a Windows 2008R2 domain controller.

- Users need to be able to install applications and updates.
- Several users have roaming profiles.
- Workstations need to be usable by multiple users

Based on the above needs, we've had to give multiple users local Administrative access.  This allows functionality, but opens us up to security issues.  Users can use UNC to connect and browse file resources on different workstations.

Has anyone had to deal with this issue?  Any thought or recommendations on how to get a balance of functionality and security?

Thanks in advance.

Regards,
Real-Timer
0
Comment
Question by:realtimer
2 Comments
 
LVL 54

Accepted Solution

by:
McKnife earned 250 total points
ID: 39650003
Hi.

"Has anyone had to deal with this issue?" Anyone? Half of the world has...
One cannot answer your questions without further details.
-Why do users do installation and updating? That should be done by software deployment solutions or GPOs/WSUS.
-What have roaming profiles to do with it?
-What has sharing of workstations to do with it?
-"Users can use UNC to connect and browse file resources on different workstations" - yes...why? A local admin on station A may not access station B. How did you set that up?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 39653404
Why are users in charge of their machines? Not enough staff to administer the IT portion, not workflow setup to manage install requests? Users shouldn't have Admin rights, our users don't, and we don't run AV on the local workstations. We are the exception, no one is as locked down as we are, but our users request applications all the time, sometimes they get the request, most times they don't.
I need to write a new article about it, I'll post it soon.
-rich
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain admin accounts get locked out 35 59
Windows 2012 PKI in a hybrid org 3 48
Change size 15 43
Scheduled Tasks Tweak 5 30
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question