Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Change from Local Admins to Local Users Group

Posted on 2014-10-09
11
Medium Priority
?
194 Views
Last Modified: 2014-10-09
I look after a number of networks for small businesses and most if not all have their Users as local administrators (all are in a domain environment).
From a security and operational perspective my preference is to have Users not be local admins, but I am curious to if there are any best practices or guides on transitioning and any gotchas I should test first.
0
Comment
Question by:Flipp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
11 Comments
 
LVL 97

Expert Comment

by:John Hurst
ID: 40372078
Having a regular (normal) user as a local admin is a sure road to problems. All of my clients have accepted this thinking and problem level is very low.
0
 
LVL 6

Author Comment

by:Flipp
ID: 40372089
I suppose a two fold issue in that there is the technical side which I want to get some info on as well as test, but to sell to the business manager .... any advice?
0
 
LVL 97

Assisted Solution

by:John Hurst
John Hurst earned 2000 total points
ID: 40372095
As I noted, clients have asked me and we have tested local admin users. It always results in problems (people do silly things with computers). As a result, we have backed away and at this point ALL users in ALL clients are regular users. None are admins. It is cheaper for me and my colleague to service requests regularly than to fix broken operating systems. Managers and owners find we are more economical than careless or unthinking users.
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 97

Expert Comment

by:John Hurst
ID: 40372098
technical side which I want to get some info on as well as test, <--- I am not sure what technical information. There are as many ways to break computers as there are users.
0
 
LVL 6

Author Comment

by:Flipp
ID: 40372108
Things like configuring UAC or other components that will affect a User that goes from being an admin to a standard user. I know keeping Adobe Flash and Java up to date could be a headache if we restrict our users from these upgrades due to software requirements to always having latest version and regularity of upgrades being released.
0
 
LVL 97

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 40372110
Users should never be allowed to configure UAC. It almost never needs to be turned off.

Adobe and Flash are problem children. We just schedule those updates.  People will try to download Flash (it can't be) and get malware in the process.

Windows updates are automatic on shutdown.

After a decade at this, I have heard ALL the reasons and then some. I am cheaper than a user who does not know what they are doing.
0
 
LVL 6

Author Comment

by:Flipp
ID: 40372115
Do you deploy/manage updates for Reader, Flash and Java Runtime? I am pretty happy with simply using GPO to deploy these but also know the application itself can update itself.
0
 
LVL 97

Expert Comment

by:John Hurst
ID: 40372119
Our clients are small businesses so we just update as needed. Adobe updates 2 or 3 times a year. We see clients weekly. Similarly with Flash and Java. It is easy to manage.  We have a number of laptops not on domain (mostly not in the office).

Windows updates are the most frequent and they are automatic.
0
 
LVL 97

Expert Comment

by:John Hurst
ID: 40372122
my preference is to have Users not be local admins,  <-- I certainly agree and I think I have given you lots of reason to proceed with your own preference. It is not perfect but it is better than the alternative.
0
 
LVL 6

Author Closing Comment

by:Flipp
ID: 40372124
Thanks John - a great summary. I do like the basic setup of managing the core software updates across platforms with Users as non-admins.
0
 
LVL 97

Expert Comment

by:John Hurst
ID: 40372125
@Flipp - You are most welcome and I was very happy to help. Good luck with your clients and users.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Multi-threading long-running processes can have a significant increase in overall performance and drastically decrease over time it takes for a process to complete. Unfortunately, not all applications support native multi-threading, some by design a…
OnPage enhanced its integration with ConnectWise Manage to offer incident responders more control over the ticket and Incident Resolution Lifecycle.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question