Windows Client and Server Security

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

My name is Freddy Bhagalia. I am working as a System Administrator in an
Organisation. We are into Freight Forwarding business. We have 300 plus
Computers in our Organisation and I am the Administrator of these Computers.

I was having a technical discussion with my boss (CIO of the Company). The
discussion was on "Should we give Administrator rights of the local Computer,
to the User who is the owner of that Computer.

He thinks that we should give all the Users, Administrator rights.

I am extremely against this and am arguably not in favour of that. According
to me if the Admin rights of the Computer is been given to the Users, they
can put serious problems to their own Computers and the Network. Ultimately,
the Administrator has to face the music of the Users doings.

Please let me know your views on the same as I am in a fix, on to go about
what my boss had asked me for or should I be firm on my statement to my boss
“Not to give Administrator Rights to the Users".

Regards

Freddy.Bhagalia

Jan 22

email add: (e-mail address removed)
 
Freddy said:
Hello,

My name is Freddy Bhagalia. I am working as a System Administrator in
an Organisation. We are into Freight Forwarding business. We have 300
plus Computers in our Organisation and I am the Administrator of
these Computers.

I was having a technical discussion with my boss (CIO of the
Company). The discussion was on "Should we give Administrator rights
of the local Computer, to the User who is the owner of that Computer.

He thinks that we should give all the Users, Administrator rights.
Why?


I am extremely against this and am arguably not in favour of that.
According to me if the Admin rights of the Computer is been given to
the Users, they can put serious problems to their own Computers and
the Network. Ultimately, the Administrator has to face the music of
the Users doings.
Click to expand...

You're absolutely correct. There are way too many things users can do,
deliberately or inadvertently, if they have admin rights...or perhaps even
power user rights. A virus/trojan or malware/spyware that gets on the PC
will run under whatever rights the logged in user has....the user may try to
change the system clock, remove the computer from the domain, install
software (legal or no) that is not part of your standard build, and your
computers won't be standardized ...and standardization is really important,
especially with 300 computers - although even on small networks it's a good
thing from an admin perspective.
Please let me know your views on the same as I am in a fix, on to go
about what my boss had asked me for or should I be firm on my
statement to my boss "Not to give Administrator Rights to the Users".
Click to expand...

Turn this question on its head and ask him why he thinks they need it. Users
should have the least amount of privileges required to do their work -
that's just common sense.

If you have badly-written software that requires local admin rights, you can
use FileMon and RegMon from www.sysinternals.com to modify the registry &
file system so it will run under a limited user account.
 
Back
Top