Re: Granting all users Admin Rights

From: Russ Levanway (rlevanwa@cuesta.org)
Date: 05/21/02 

From: "Russ Levanway" <rlevanwa@cuesta.org>
Date: Tue, 21 May 2002 10:44:19 -0700

Greetings,

I am a Network Admin for Cuesta College and we are dealing with the same
issue. To cut right to the chase, the vast majority of users have no need
to be local administrators. On the other hand, there are a number of
serious installation related issues with leaving all users as local users
because of Office 2000 apps install processes, and the neccessity of our PC
Techs to go to install every little piece of software on users computers.
Consequently, I believe that giving users Power Users rights is the best way
to go. Users can install many apps, but they cannot install an app that
runs as a service, for example.
Maybe restricting users to local users is the most secure way and best way
for your to keep track of licensed software and only allow installation of
authorized software. However, unless you use SMS or LanDesk for software
distribution, you will have a potentially big management headache to deal
with.

Regards,
Russ

"Robert A Klopotoski Jr" <eaglek96@hotmail.com> wrote in message
news:1989821b.0205161238.6b5993ef@posting.google.com...
> Hello All,
>
> I am currently the network manager at a small college with about 250
> faculty and staff compuers(1500 students). I am in the middle of
> implementing a windows 2000 domain. The network is currently peer to
> peer workgroups with win95, 98 and 2000 clients. In the process of
> building the domain, I am also trying to get every client onto windows
> 2000 so I can take advantage of the many features it allows in
> conjunction with active directory. The most important thing to me
> since I am starting from scratch is setting up rules and guidelines
> for the users of the network. My background before working here was
> working at a high-tech engineering company.
>
> Recently I have hit a snag with the management here where we cannot
> agree on whether or not users should be allowed local administrative
> rights on their machines. In my last company I was forced to give
> admin rights to most users so they could develop and install hardware
> on their local machine. I don't really see the need for the rights
> here, but the people making the executive decisions disagree with me.
> I am curious to know how other colleges or academic institutions deal
> with this issue. It is my opinion that people should not need admin
> rights as a function of their job and any software installations
> should be routed through IT. The people making the decisions feel
> that restricting rights would infringe upon adademic freedom.
>
> I see several problems with granting a regular user admin rights. The
> main reason is that system files become accessible and could be
> corrupted very easily by accidental clicks, viruses, etc... I also
> want to be able to control the licensing of software, and want to keep
> the shareware to a minimum. Not having admin rights greatly reduces
> their ability of screwing things up on the machine. It also increases
> the security of each machine by knowing that many services can't be
> inadvertantly disabled or uninstalled.
>
> The users that I am referring to are all Faculty and Staff. Each
> person has a machine in their office to use. We are not an
> engineering school or anything like that, and only have a few teachers
> who teach computer related fields.
>
> If some people could give their feelings on this it would be greatly
> appreciated. I apologize if some of you feel this isnt the right
> newsgroup, but to me this seems like a security issue. Mainly my
> question is asking how other groups handle this? Should we give in
> and grant rights to everyone, or is it important to stand firm on my
> own opinion.
>
> Thanks in advance
> Rob

Relevant Pages

  • RE: Office tries to repair/reinstall
    ... Giving admin rights to everyone is not the solution. ... The file association issue should be also related to the Office 2007 installation. ... I will check the registry and install windows installer. ...
    (microsoft.public.office.setup)
  • RE: [Full-Disclosure] DCOM RPC exploit (dcom.c)
    ... I am a Techie Admin who is in management. ... the product, source it, install it, fix it, Admin it, everything except ... Then they had to retrofit the network. ... best work on our network and the purchased the right equipment, ...
    (Full-Disclosure)
  • Re: Impact of removing administrative rights in an enterprise running XP
    ... the network admin is "Admin" of the network... ... they should only have/need the appropriate rights for their role in the firm. ... reporting mechanisms for software/patch installations whatsoever. ...
    (Focus-Microsoft)
  • Re: Printer Problems
    ... he had the user rights to disable ... (default install behavior on xp), and it failed because DeskJet needs it ... If you create another admin on that system, you could see the problem again, ... > I manage a small network at a downtown Denver hotel. ...
    (microsoft.public.windowsxp.help_and_support)
  • RE: Group Policy denies access to some programs
    ... and they can provide you with the needed rights for each file and directory ... both during an install and for running the program post-install. ... Group Policy denies access to some programs ... under my admin account, ...
    (Focus-Microsoft)