|
Posted by Leythos on May 18, 2005, 2:23 pm
If you were Registered and logged in, you could reply and use other advanced thread options
syrjalab@gsilumonics.com says...
> Greetings,
>
> I have a long running dispute with a consultant in my workplace over
> administrative rights. I have googled the topic and sampled opinions,
> but most are of the general "don't give users those rights" or "Windows
> doesn't run too well if you don't give those rights" variety.
>
> I am of the opinion that only giving users "power user" rights
> generates far more support calls than its worth and doesn't really
> prevent viruses or malware from running. Every time I ask I get no
> specific examples, and those machines that are locked down don't seem
> to be any cleaner.
>
> Can anyone give more specific examples of why it is bad for users to
> run as an administrator? I'm really trying to see that side of it,
> but no one ever gives good examples... all I get is a shrieking "YOU
> CAN'T GIVE USERS ANY RIGHTS! THEY'RE DUMB AND WILL SCREW UP THEIR
> COMPUTERS!"
You are not going to like my answer, but here it is:
We have several clients that utilize outsourced (US) support only, they
have no full time IT staff. Those clients have as many as 15 offices in
several states, all connected to each other over dedicated VPN's with
their own domain/servers in half of the offices. All workstations are
setup with DOMAIN USERS in the "workstations" local administrators
group. Now, all workstations are running Symantec Corporate Edition 9
Groupware, all are behind a firewall that blocks select attachments in
email, blocks active-x, blocks websites of a questionable nature. In
more than 3 years we've not had one single machine compromised, not one
issue with a user trashing a workstation. We've had a couple user
install personal software, but it was detected and removed. Most of the
users are non-technical, and it's working fine. Oh, we have over 387
systems running like this with those clients.
In the case of a development team, they must have local administrator
rights or they won't be able to do their work efficiently.
The only users I see screwing up their computers are ones on unprotected
networks where web access is unfiltered, email is not stripped of
malicious attachment, and where people are at home.
--
--
spam999free@rrohio.com
remove 999 in order to email me
| 
XML site map