Securing a desktop by removing local admin rights
Posted on 2014-03-03
Is there a better/novell way to secure desktops against unwanted/unlicensed software deployments and mitigating risks from zero day attacks than removing domain user accounts from local admin groups in a domain connected environment of Windows 2008 AD and Windows 7 / 8 workstations?
Consider that enterprise grade antimalware on workstations is maintained and access to downloads is blocked at the perimeter web gateway. SCCM 2012 is largely used for remote desktop support.
Users domain accounts are added into the local admin group due to various opertaional reasons which are avoidable though but effort intensive.