Provide them with an admin account and show them how to use "run-as"... I also disable logon locally where I can get away with it so they don't cheat...
On Tue, Jul 19, 2011 at 10:10 AM, David Lum <[email protected]> wrote: > How do you bigger org’s handle IT staff (DBA’s and the like) not being > local admins on their systems? Invariably they are used to throwing on > whatever they want and in some ways this helps the Help desk so they’re not > called to install stuff the user can install.**** > > ** ** > > As we move to Windows 7 my recommendation is to yank local admin perms at > the same time (yes everyone is local admin on their XP systems currently), > but I foresee pushback from Service Desk and IT folks…**** > > *David Lum* > Systems Engineer // NWEATM > Office 503.548.5229 //* *Cell (voice/text) 503.267.9764**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
