This getting rid of local admin track sounds great from all the feedback. Doesn't updates need local admin, like:
Windows Updates? Java Updates? Antivirus Updates (say stand alone version of AVG or Norton)? Those seem to be the main 3 I can think of offhand. Do most of you figure out ways around these with permissions and such, or just periodically do these updates with an admin account? Anthony ----- Original Message ----- From: "Phil Brutsche" <[EMAIL PROTECTED]> Sent: Wednesday, August 27, 2008 4:56 PM Subject: Re: Local admins? In my environments NO ONE EVER gets local admin, politics be damned - a common saying is "I don't care who you are, how much you make or who you know. You're NOT getting local admin." Sure there's some nuclear fallout once in a while, but everything runs much much smoother in the long run. By myself I'm ultimately responsible for 300+ machines and that many stations is *not* a big deal. It helps that the most complicated program 80% of those stations run is MS Office. Based on what I've seen, if you don't have local admin you're bordering on not needing AV & AS packages. Yes, it's a bold statement, but true in some of my environments - I've validated it over the years with a laptop running a commercial AV package (currently Kaspersky). The only things it catches are cookies and malware installers in home folders. Salvador Manzo wrote: > Local Admin is the exception, and generally only occurs for political > reasons. Apps which "require" local admin get run through FileMon and > RegMon to tear down minimum rights, and GPOs set any required > permissions based on group membership. -- Phil Brutsche [EMAIL PROTECTED] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
