Best Practice

[Guest]

Does Microsoft have a best practice for adding users to the local admin group
of the machine? Do you recommend doing this and then just locking the machine
down with Group Policy?

 

[Danny Sanders]

Don't do it.

If software requires a user to be administrator to use it check with the
vendor for an updated version designed to run on XP.

If your software is designed to run on XP your users don't have to be admins
to use it.


hth
DDS W 2k MVP MCSE

 

[Shenan Stanley]

Does Microsoft have a best practice for adding users to the local
admin group of the machine? Do you recommend doing this and then just
locking the machine down with Group Policy?

Think about what you just said..

If you make the user a local adminstrator and then "lock down" the machine
with Group Policies - what have you accomplished? The user is a Local
Administrator. If they want to undo what you did - they can. The excuse of
"they won't know how to" is saying you don't know how to make them work
without giving them full privs...

There is no good reason to make a normal computer user an administrator on a
machine. Lots of excuses to - but no good valid reasons in the normal
scheme of things. Yeah - there has to be a user that is an administrator.
That user does not have to be the only/main user of the system.