Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Client workstations and Administrative access

Posted on 2013-11-14
2
Medium Priority
?
407 Views
Last Modified: 2013-11-19
Hello,
We have a network with Windows XP and Windows 7 client workstations and a Windows 2008R2 domain controller.

- Users need to be able to install applications and updates.
- Several users have roaming profiles.
- Workstations need to be usable by multiple users

Based on the above needs, we've had to give multiple users local Administrative access.  This allows functionality, but opens us up to security issues.  Users can use UNC to connect and browse file resources on different workstations.

Has anyone had to deal with this issue?  Any thought or recommendations on how to get a balance of functionality and security?

Thanks in advance.

Regards,
Real-Timer
0
Comment
Question by:realtimer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 56

Accepted Solution

by:
McKnife earned 500 total points
ID: 39650003
Hi.

"Has anyone had to deal with this issue?" Anyone? Half of the world has...
One cannot answer your questions without further details.
-Why do users do installation and updating? That should be done by software deployment solutions or GPOs/WSUS.
-What have roaming profiles to do with it?
-What has sharing of workstations to do with it?
-"Users can use UNC to connect and browse file resources on different workstations" - yes...why? A local admin on station A may not access station B. How did you set that up?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 500 total points
ID: 39653404
Why are users in charge of their machines? Not enough staff to administer the IT portion, not workflow setup to manage install requests? Users shouldn't have Admin rights, our users don't, and we don't run AV on the local workstations. We are the exception, no one is as locked down as we are, but our users request applications all the time, sometimes they get the request, most times they don't.
I need to write a new article about it, I'll post it soon.
-rich
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question