Best Practice

G

Guest

Does Microsoft have a best practice for adding users to the local admin group
of the machine? Do you recommend doing this and then just locking the machine
down with Group Policy?
 
D

Danny Sanders

Don't do it.

If software requires a user to be administrator to use it check with the
vendor for an updated version designed to run on XP.

If your software is designed to run on XP your users don't have to be admins
to use it.


hth
DDS W 2k MVP MCSE
 
S

Shenan Stanley

Phil said:
Does Microsoft have a best practice for adding users to the local
admin group of the machine? Do you recommend doing this and then just
locking the machine down with Group Policy?
Click to expand...

Think about what you just said..

If you make the user a local adminstrator and then "lock down" the machine
with Group Policies - what have you accomplished? The user is a Local
Administrator. If they want to undo what you did - they can. The excuse of
"they won't know how to" is saying you don't know how to make them work
without giving them full privs...

There is no good reason to make a normal computer user an administrator on a
machine. Lots of excuses to - but no good valid reasons in the normal
scheme of things. Yeah - there has to be a user that is an administrator.
That user does not have to be the only/main user of the system.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User rights for time zone changing 1
Adding a group to local admin group 4
A policy to stop Internet usage 5
Local Group Policy- App not running 1
Users access to Local machine 1
Nesting domain groups under local groups 7
Local Policy Does Not allow logon 1
Override the local Group Policy by domain policy or delete the RSOP 0

Top