Can anyone point me towards the best practice in elevating permissions for IT engineers. I am sure there is documentation out there on this and would appreciate pointers.
1) why not provide engineer accounts with Admin rights (or not)
2) why have secondary accounts with additional permissions
By using elevated permissions does this have added security in the event a laptop is lost (they then can not reverse engineer the administratrion logon details)?