Sign in with
Sign up | Sign in
Your question

Windows Client and Server Security

Last response: in Windows 2000/NT
Share
January 22, 2005 1:01:02 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

My name is Freddy Bhagalia. I am working as a System Administrator in an
Organisation. We are into Freight Forwarding business. We have 300 plus
Computers in our Organisation and I am the Administrator of these Computers.

I was having a technical discussion with my boss (CIO of the Company). The
discussion was on "Should we give Administrator rights of the local Computer,
to the User who is the owner of that Computer.

He thinks that we should give all the Users, Administrator rights.

I am extremely against this and am arguably not in favour of that. According
to me if the Admin rights of the Computer is been given to the Users, they
can put serious problems to their own Computers and the Network. Ultimately,
the Administrator has to face the music of the Users doings.

Please let me know your views on the same as I am in a fix, on to go about
what my boss had asked me for or should I be firm on my statement to my boss
“Not to give Administrator Rights to the Users".

Regards

Freddy.Bhagalia

Jan 22

email add: freddy@writercorporation.com
Anonymous
a b 8 Security
January 23, 2005 3:05:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Freddy wrote:
> Hello,
>
> My name is Freddy Bhagalia. I am working as a System Administrator in
> an Organisation. We are into Freight Forwarding business. We have 300
> plus Computers in our Organisation and I am the Administrator of
> these Computers.
>
> I was having a technical discussion with my boss (CIO of the
> Company). The discussion was on "Should we give Administrator rights
> of the local Computer, to the User who is the owner of that Computer.
>
> He thinks that we should give all the Users, Administrator rights.

Why?

>
> I am extremely against this and am arguably not in favour of that.
> According to me if the Admin rights of the Computer is been given to
> the Users, they can put serious problems to their own Computers and
> the Network. Ultimately, the Administrator has to face the music of
> the Users doings.

You're absolutely correct. There are way too many things users can do,
deliberately or inadvertently, if they have admin rights...or perhaps even
power user rights. A virus/trojan or malware/spyware that gets on the PC
will run under whatever rights the logged in user has....the user may try to
change the system clock, remove the computer from the domain, install
software (legal or no) that is not part of your standard build, and your
computers won't be standardized ...and standardization is really important,
especially with 300 computers - although even on small networks it's a good
thing from an admin perspective.
>
> Please let me know your views on the same as I am in a fix, on to go
> about what my boss had asked me for or should I be firm on my
> statement to my boss "Not to give Administrator Rights to the Users".

Turn this question on its head and ask him why he thinks they need it. Users
should have the least amount of privileges required to do their work -
that's just common sense.

If you have badly-written software that requires local admin rights, you can
use FileMon and RegMon from www.sysinternals.com to modify the registry &
file system so it will run under a limited user account.



>
> Regards
>
> Freddy.Bhagalia
>
> Jan 22
>
> email add: freddy@writercorporation.com
!