In general, we do not grant local admin rights either. As long as apps are compliant with w2k, I would not expect many issues. We also host many apps on via citrix which removes this issue altogether. Also, you can use INF settings and set registry permission's via a gpo if desired to allow apps to run.
Thank You ! And have a nice day !
**************************************************************
Mark Lunsford
KAISER PERMANENTE
Security Operations
Email: [EMAIL PROTECTED]
Outside Phone: 925-926-5898
Tie Line Phone: 8-473-5898
C ell: 925-200-4077
Remedy Group: NOPS SECURITY EDOS SYS
**************************************************************
| djd <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 06/30/2005 10:16 PM
|
|
Hi,
We are also a developement&support firm.
But, we dont give any admin rights on the local
machine as it becomes very troublesome in later time.
For managing an user application, we install it the
first time for a user. For the user to run the
application we give proper permissions(generally full
control) to the specific program & in some typical
cases to the associated registery hive.
Thanks
djd
FLuent Systems
India
--- "Rimmerman, Russ" <[EMAIL PROTECTED]>
wrote:
>
> We're having a big discussion about users being
> local administrators on
> their PCs. We've made them local admins in the past
> (on NT4 domain)
> because they needed to be able to install apps, and
> we kept running into
> issues that led back to them not having local admin
> rights.
>
> Is there easy way now that we're on a Win2k3 AD
> domain to take admin
> rights away but still ensure things work correctly?
> What's the general
> consensus, do most of you give your users local
> admin rights?
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> This e-mail is confidential, may contain proprietary
> information
> of the Cooper Cameron Corporation and its operating
> Divisions
> and may be confidential or privileged.
>
> This e-mail should be read, copied, disseminated
> and/or used only
> by the addressee. If you have received this message
> in error please
> delete it, together with any attachments, from your
> system.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
