Administrative Privileges Issue
Dear Windows 7 IT Community,

Please comment only if you are a seasoned system administrator.

That being said, our office is configured with Windows 7 64-bit workstations, Public Firewall settings and Symantec Endpoint Protection. Users log in as local standard users. I keep getting complaints that the users would like to administrate their own machines and would like an administrative account in addition to their standard user account to run updates, install software, etc.

Despite being standard users and having to call IT for support with 3rd party software updates and installs, we have had a few minor virus/trojan incidents. Running the AV full scan removed them.

As the IT admin, I feel safer if the users did not have administrative abilities even though it would be a separate account. I wanted to ask your professional opinion on this.

Thanks
November 29th, 2010 1:58pm

It is not good practice to give all users a separate admin account as well as a standard account, for a number of reasons. Imagine the headache of password resets for 2 accounts for each person. If every user has the ability to install their own software/updates etc., you will not be in a position to understand what is out on your systems and what may cause an issue with any business software.

Firstly, regarding updates, I would recommend investigating getting a local WSUS server to manage your Windows updates. This is a good tool to control what updates go to your network. It is possible to not use WSUS and use Windows Update, but in both cases you should use Group Policy to set the update settings, for example whether the updates should auto download and install, whether to delay the restart, etc.

With Windows updates it may be beneficial to download and use the Malicious Software Removal Tool, which is available monthly; as you have had malware, this could be used as a secondary remedial cleaner in case SEP has not found everything.

Depending on the size of the environment, it may be best to allow some of the software to update themselves with their own update tool, i.e. Adobe Reader/Flash and Java, as these are common areas for security compromises. Larger applications or Line of Business applications should only be managed by your IT Admin team/you, so that different users do not have different versions.

Lee Bowman MCITP MCTS
November 30th, 2010 6:59am
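
The Group Policy update settings mentioned in the reply above are written to the registry on each workstation, so they can be verified per machine. The following is an added example, not part of the original thread: a read-only check, kept compatible with the PowerShell 2.0 that ships with Windows 7. The registry paths and value names are the standard Windows Update policy locations; the report layout and the helper name `Get-PolicyValue` are this example's own.

```powershell
# Added example: report the Windows Update settings delivered by Group Policy.
# Read-only; needs no administrative rights to run.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Meaning of the AUOptions policy value
$auOptions = @{
    2 = 'Notify before download'
    3 = 'Auto download, notify before install'
    4 = 'Auto download and schedule the install'
    5 = 'Local administrator chooses the setting'
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

$useWsus  = Get-PolicyValue $auKey 'UseWUServer'
$wuServer = Get-PolicyValue $wuKey 'WUServer'
$noAuto   = Get-PolicyValue $auKey 'NoAutoUpdate'
$option   = Get-PolicyValue $auKey 'AUOptions'
$noReboot = Get-PolicyValue $auKey 'NoAutoRebootWithLoggedOnUsers'

# Where the machine gets its updates from
$source = 'Windows Update (no WSUS policy applied)'
if ($useWsus -eq 1 -and $wuServer) { $source = "WSUS: $wuServer" }

# How updates are downloaded and installed
$behaviour = 'Not configured by policy (local setting applies)'
if ($noAuto -eq 1) { $behaviour = 'Automatic Updates disabled by policy' }
elseif ($option -ne $null -and $auOptions.ContainsKey([int]$option)) {
    $behaviour = $auOptions[[int]$option]
}

# Whether a scheduled install may restart the PC while a user is logged on
$restart = 'Not configured by policy'
if ($noReboot -eq 1) { $restart = 'No automatic restart while a user is logged on' }
elseif ($noReboot -eq 0) { $restart = 'Automatic restart allowed' }

New-Object PSObject -Property @{
    Computer = $env:COMPUTERNAME; UpdateSource = $source
    UpdateBehaviour = $behaviour; RestartPolicy = $restart
} | Select-Object Computer, UpdateSource, UpdateBehaviour, RestartPolicy | Format-List
```

A workstation that reports "Not configured by policy" has not received the update GPO and is running on whatever was set locally.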
