Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

Change from Local Admins to Local Users Group

I look after a number of networks for small businesses and most if not all have their Users as local administrators (all are in a domain environment).
From a security and operational perspective my preference is to have Users not be local admins, but I am curious to if there are any best practices or guides on transitioning and any gotchas I should test first.
0
Flipp
Asked:
Flipp
  • 7
  • 4
2 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
Having a regular (normal) user as a local admin is a sure road to problems. All of my clients have accepted this thinking and problem level is very low.
0
 
FlippAuthor Commented:
I suppose a two fold issue in that there is the technical side which I want to get some info on as well as test, but to sell to the business manager .... any advice?
0
 
John HurstBusiness Consultant (Owner)Commented:
As I noted, clients have asked me and we have tested local admin users. It always results in problems (people do silly things with computers). As a result, we have backed away and at this point ALL users in ALL clients are regular users. None are admins. It is cheaper for me and my colleague to service requests regularly than to fix broken operating systems. Managers and owners find we are more economical than careless or unthinking users.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
John HurstBusiness Consultant (Owner)Commented:
technical side which I want to get some info on as well as test, <--- I am not sure what technical information. There are as many ways to break computers as there are users.
0
 
FlippAuthor Commented:
Things like configuring UAC or other components that will affect a User that goes from being an admin to a standard user. I know keeping Adobe Flash and Java up to date could be a headache if we restrict our users from these upgrades due to software requirements to always having latest version and regularity of upgrades being released.
0
 
John HurstBusiness Consultant (Owner)Commented:
Users should never be allowed to configure UAC. It almost never needs to be turned off.

Adobe and Flash are problem children. We just schedule those updates.  People will try to download Flash (it can't be) and get malware in the process.

Windows updates are automatic on shutdown.

After a decade at this, I have heard ALL the reasons and then some. I am cheaper than a user who does not know what they are doing.
0
 
FlippAuthor Commented:
Do you deploy/manage updates for Reader, Flash and Java Runtime? I am pretty happy with simply using GPO to deploy these but also know the application itself can update itself.
0
 
John HurstBusiness Consultant (Owner)Commented:
Our clients are small businesses so we just update as needed. Adobe updates 2 or 3 times a year. We see clients weekly. Similarly with Flash and Java. It is easy to manage.  We have a number of laptops not on domain (mostly not in the office).

Windows updates are the most frequent and they are automatic.
0
 
John HurstBusiness Consultant (Owner)Commented:
my preference is to have Users not be local admins,  <-- I certainly agree and I think I have given you lots of reason to proceed with your own preference. It is not perfect but it is better than the alternative.
0
 
FlippAuthor Commented:
Thanks John - a great summary. I do like the basic setup of managing the core software updates across platforms with Users as non-admins.
0
 
John HurstBusiness Consultant (Owner)Commented:
@Flipp - You are most welcome and I was very happy to help. Good luck with your clients and users.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now