• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 409
  • Last Modified:

Client workstations and Administrative access

Hello,
We have a network with Windows XP and Windows 7 client workstations and a Windows 2008R2 domain controller.

- Users need to be able to install applications and updates.
- Several users have roaming profiles.
- Workstations need to be usable by multiple users

Based on the above needs, we've had to give multiple users local Administrative access.  This allows functionality, but opens us up to security issues.  Users can use UNC to connect and browse file resources on different workstations.

Has anyone had to deal with this issue?  Any thought or recommendations on how to get a balance of functionality and security?

Thanks in advance.

Regards,
Real-Timer
0
realtimer
Asked:
realtimer
2 Solutions
 
McKnifeCommented:
Hi.

"Has anyone had to deal with this issue?" Anyone? Half of the world has...
One cannot answer your questions without further details.
-Why do users do installation and updating? That should be done by software deployment solutions or GPOs/WSUS.
-What have roaming profiles to do with it?
-What has sharing of workstations to do with it?
-"Users can use UNC to connect and browse file resources on different workstations" - yes...why? A local admin on station A may not access station B. How did you set that up?
0
 
Rich RumbleSecurity SamuraiCommented:
Why are users in charge of their machines? Not enough staff to administer the IT portion, not workflow setup to manage install requests? Users shouldn't have Admin rights, our users don't, and we don't run AV on the local workstations. We are the exception, no one is as locked down as we are, but our users request applications all the time, sometimes they get the request, most times they don't.
I need to write a new article about it, I'll post it soon.
-rich
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now