Solved

Client workstations and Administrative access

Posted on 2013-11-14
2
402 Views
Last Modified: 2013-11-19
Hello,
We have a network with Windows XP and Windows 7 client workstations and a Windows 2008R2 domain controller.

- Users need to be able to install applications and updates.
- Several users have roaming profiles.
- Workstations need to be usable by multiple users

Based on the above needs, we've had to give multiple users local Administrative access.  This allows functionality, but opens us up to security issues.  Users can use UNC to connect and browse file resources on different workstations.

Has anyone had to deal with this issue?  Any thought or recommendations on how to get a balance of functionality and security?

Thanks in advance.

Regards,
Real-Timer
0
Comment
Question by:realtimer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 55

Accepted Solution

by:
McKnife earned 250 total points
ID: 39650003
Hi.

"Has anyone had to deal with this issue?" Anyone? Half of the world has...
One cannot answer your questions without further details.
-Why do users do installation and updating? That should be done by software deployment solutions or GPOs/WSUS.
-What have roaming profiles to do with it?
-What has sharing of workstations to do with it?
-"Users can use UNC to connect and browse file resources on different workstations" - yes...why? A local admin on station A may not access station B. How did you set that up?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 39653404
Why are users in charge of their machines? Not enough staff to administer the IT portion, not workflow setup to manage install requests? Users shouldn't have Admin rights, our users don't, and we don't run AV on the local workstations. We are the exception, no one is as locked down as we are, but our users request applications all the time, sometimes they get the request, most times they don't.
I need to write a new article about it, I'll post it soon.
-rich
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Make the most of your online learning experience.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question