There's no indication his users would have a problem with it. It's the helpdesk/desktop support folks that have a problem here.
* * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Sep 18, 2012 at 10:35 AM, David Mazzaccaro < [email protected]> wrote: > None of my users are local admins. And they have no problems with it.**** > > Am I just lucky to not have a “complete nightmare” because of it, or are > your users doing all sorts of crazy things that required elevated > privileges? Any more detail on what is/was the “complete nightmare”?**** > > ** ** > > ** ** > > ** ** > > ** ** > > *From:* Jonathan Link [mailto:[email protected]] > *Sent:* Tuesday, September 18, 2012 10:30 AM > > *To:* NT System Admin Issues > *Subject:* Re: This is what I get....**** > > ** ** > > Are those calls documented? And what was the nature of the call?**** > > ** ** > > After the initial transition, this will actually make admin's lives > easier, since they have a more controlled environment to work in.**** > > ** ** > > Yeah, some things are easier when they have admin rights, but that doesn't > mean that users should be doing those things, either.**** > > On Tue, Sep 18, 2012 at 10:22 AM, David Lum <[email protected]> wrote:*** > * > > Here’s how much fight I get when I even SUGGEST we should be removing > admin right from our users.**** > > **** > > Worthy to note I am not a local admin on my own NWEA machine, and none of > my %sidejob% clients are local admins on theirs. This guy knows this, but > still fights me every time.**** > > **** > > This reply incensed me enough to start again working on the management > buy-in, as it’s a lot harder to stop a top down order.**** > > **** > > > *Sent:* Tuesday, September 18, 2012 6:35 AM > *To:* David Lum > *Subject:* RE: IE 0-day, MS releases bulletin**** > > **** > > We have this very rare instance of a Zero Day attack in IE for a few sites > and you think that is a reason to create the complete nightmare of taking > away Admin rights to a local machine. Clearly you don’t know how often our > users are using their admin rights on their machines. The SD got a > call once a week from the ONE person who had that setup when she was moved > to Windows 7. If we spent some time building the infrastructure that > makes such a situation workable (like I did at the school district I worked > at), then we could live with our 500 users not being admins.**** > > **** > > David Grand**** > > **** > > *From:* David Lum > *Sent:* Tuesday, September 18, 2012 6:24 AM > *Subject:* IE 0-day, MS releases bulletin**** > > **** > > Please read this article and weigh in on the suggested workarounds.**** > > **** > > Microsoft has released a bulletin on this, and has suggested workarounds. > Most can be achieved via GPO:**** > > http://technet.microsoft.com/en-us/security/advisory/2757760**** > > **** > > Note 1: “An attacker who successfully exploited this vulnerability could > gain the same user rights as the current user. Users whose accounts are > configured to have fewer user rights on the system could be less impacted > than users who operate with administrative user rights.”**** > > *SD – this exact scenario is the benefit of users not being local > administrators.***** > > **** > > Note 2: Some of this is already done via the Trusted Site GPO. Their > additional recommendations recommend disabling ActiveX for Internet and > Local Intranet. The latter would disable some Commons functionality, but we > can disable it on the Internet site zone temporarily. Even this will > generate Service Desk calls but I feel this is worth mitigating the risk.* > *** > > **** > > Dave**** > > **** > > *From:* David Lum > *Sent:* Monday, September 17, 2012 12:39 PM > *Subject:* Just so you know that I know..**** > > **** > > 0-day of the week:**** > > **** > > > http://www.computerworld.com/s/article/9231367/Hackers_exploit_new_IE_zero_day_vulnerability?source=rss_latest_content&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+computerworld%2Fnews%2Ffeed+%28Latest+from+Computerworld%29 > **** > > **** > > Dave**** > > **** > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
